CVE-2014-0885
published 2014-03-25CVE-2014-0885: Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote…
PriorityP424medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
0.57%
42.8th percentile
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_protector_for_mail_security | — | — |
| ibm | lotus_protector_for_mail_security | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
IBM Lotus Protector for Mail Security up to 2.7 cross-site request forgery (Nessus ID 74121 / ID 123083)
vuldb·2026-05-09·CVSS 6.8
CVE-2014-0885 [MEDIUM] IBM Lotus Protector for Mail Security up to 2.7 cross-site request forgery (Nessus ID 74121 / ID 123083)
A vulnerability categorized as problematic has been discovered in IBM Lotus Protector for Mail Security up to 2.7. The impacted element is an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is listed as CVE-2014-0885. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA
GHSA-2843-97wr-vcmh: Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2
ghsa_unreviewed·2022-05-17
CVE-2014-0885 [MEDIUM] CWE-352 GHSA-2843-97wr-vcmh: Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-25
Published