Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1519Improper Authentication in IBM Lotus Domino

CWE-287Improper Authentication5 documents5 sources
Severity
10.0CRITICALNVD
CNA9.3
EPSS
9.1%
top 7.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Domino
Timeline
PublishedMar 25
Latest updateMay 14

Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/lotus_domino33 versions+32

🔴Vulnerability Details

2
GHSA
GHSA-vgwj-fv3c-ww5m: The remote console in the Server Controller in IBM Lotus Domino 72022-05-14
CVEList
CVE-2011-1519: The remote console in the Server Controller in IBM Lotus Domino 72011-03-25

💥Exploits & PoCs

1
Exploit-DB
IBM Lotus Domino Server Controller - Authentication Bypass2011-11-30
CVE-2011-1519 — Improper Authentication in IBM | cvebase