CVE-2007-6594 — IBM Lotus Notes vulnerability

CWE-2643 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 88.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Notes
Timeline
PublishedDec 28
Latest updateMay 1

Description

IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

â–¶NVDibm/lotus_notes8.0.1

🔴Vulnerability Details

2
GHSA
GHSA-8qg9-hcmh-rgjp: IBM Lotus Notes 8 for Linux before 8↗2022-05-01
â–¶
CVEList
CVE-2007-6594: IBM Lotus Notes 8 for Linux before 8↗2007-12-28
â–¶
CVE-2007-6594 — IBM Lotus Notes vulnerability | cvebase