CVE-2010-0919

CWE-119 — Buffer Overflow CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

7.6HIGH

EPSS

21.3%

top 4.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Inotes IBM Domino WEB Access

Timeline

PublishedMar 3

Latest updateMay 2

Description

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/domino_web_access7 versions+6

▶NVDibm/lotus_inotes229.271+22

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-9hr9-jvm4-mp78: Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6↗2022-05-02

▶

CVEList

CVE-2010-0919: Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6↗2010-03-03

▶

📋Vendor Advisories

Red Hat

php: NULL pointer dereference in XML-RPC extension↗2010-03-12

▶