CVE-2011-0912

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICAL

EPSS

1.7%

top 17.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Notes

Timeline

PublishedFeb 8

Latest updateMay 17

Description

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/lotus_notes16 versions+15

🔴Vulnerability Details

GHSA

GHSA-4225-968q-h9xp: Argument injection vulnerability in IBM Lotus Notes 8↗2022-05-17

▶

CVEList

CVE-2011-0912: Argument injection vulnerability in IBM Lotus Notes 8↗2011-02-08

▶