cbcvebase.
CVE-2011-0920
published 2011-02-08

CVE-2011-0920: The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass…

PriorityP262critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
10.08%
95.0th percentile
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.

Affected

58 ranges· showing 25
VendorProductVersion rangeFixed in
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino
ibmdomino

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2011-0920 affects the Java Console in IBM Domino; authentication bypass is possible when UNC share pathnames are used in an unsupported configuration — monitor for UNC path strings (\\server\share) in Domino Java Console traffic
  • The IBM Lotus Domino Server Controller authentication bypass (related exploit) targets versions 8.5.3 and 8.5.2 FP3 on Windows platforms — flag unauthenticated connections to the Domino Server Controller service
  • ·The authentication bypass is only exploitable when a specific unsupported configuration involving UNC share pathnames is in use; standard configurations are not affected by this particular attack vector
  • ·CVE-2016-0304 exists because the original fix for CVE-2011-0920 was incomplete; patching to 8.5.3 FP6 IF13 or 9.0.1 FP6 is required to fully remediate
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.