CVE-2014-0886
published 2014-03-25CVE-2014-0886: The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and…
PriorityP434high7.1CVSS 2.0
AVNACHAuSCCICAC
EPSS
1.62%
73.1th percentile
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_protector_for_mail_security | — | — |
| ibm | lotus_protector_for_mail_security | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
IBM Lotus Protector for Mail Security up to 2.7 Access Restriction os command injection (Nessus ID 74121 / ID 123083)
vuldb·2026-05-09·CVSS 7.1
CVE-2014-0886 [HIGH] IBM Lotus Protector for Mail Security up to 2.7 Access Restriction os command injection (Nessus ID 74121 / ID 123083)
A vulnerability identified as critical has been detected in IBM Lotus Protector for Mail Security up to 2.7. This affects an unknown function of the component Access Restriction. Performing a manipulation results in os command injection.
This vulnerability is cataloged as CVE-2014-0886. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
GHSA
GHSA-3962-mvm3-c84q: The Admin Web UI in IBM Lotus Protector for Mail Security 2
ghsa_unreviewed·2022-05-17
CVE-2014-0886 [HIGH] CWE-78 GHSA-3962-mvm3-c84q: The Admin Web UI in IBM Lotus Protector for Mail Security 2
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-25
Published