CVE-2012-0191IBM Lotus Expeditor vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 57.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Expeditor
Timeline
PublishedJun 22
Latest updateMay 4

Description

The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_expeditor6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-qr96-4rrh-jjfm: The web container in IBM Lotus Expeditor 62022-05-04
CVEList
CVE-2012-0191: The web container in IBM Lotus Expeditor 62012-06-22
CVE-2012-0191 — IBM Lotus Expeditor vulnerability | cvebase