IBM Lotus Notes Traveler vulnerabilities
25 known vulnerabilities affecting ibm/lotus_notes_traveler.
Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 17, LOW 3
Vulnerabilities
Page 1 of 2
CVE-2013-0536 [HIGH] | CVSS 7.2 | CWE-264 | v9.0 | 2013-06-21
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.
nvd
CVE-2012-4820 [CRITICAL] | CVSS 9.3 | v8.0, v8.0.1, +13 more | 2013-01-11
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes
nvd
CVE-2012-4822 [CRITICAL] | CVSS 9.3 | v8.0, v8.0.1, +13 more | 2013-01-11
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lo
nvd
CVE-2012-4823 [CRITICAL] | CVSS 9.3 | v8.0, v8.0.1, +13 more | 2013-01-11
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes
nvd
CVE-2012-4821 [CRITICAL] | CVSS 9.3 | v8.0, v8.0.1, +13 more | 2013-01-11
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lo
nvd
CVE-2012-4824 [MEDIUM] | CVSS 5.8 | CWE-20 | v8.5.3, v8.5.3.1, +2 more | 2012-10-08
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
nvd
CVE-2012-4825 [MEDIUM] | CVSS 4.3 | CWE-79 | ≤ 8.5.3.1, v8.5.0.0, +7 more | 2012-10-08
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
nvd
CVE-2012-5309 [MEDIUM] | CVSS 6.8 | CWE-287 | v8.5.0.0, v8.5.0.1, +9 more | 2012-10-08
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
nvd
CVE-2012-5308 [MEDIUM] | CVSS 6.8 | CWE-352 | v8.5.0.0, v8.5.0.1, +9 more | 2012-10-08
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.
nvd
CVE-2012-5307 [LOW] | CVSS 2.6 | ≤ 8.5.3.3, v8.5.0.0, +9 more | 2012-10-08
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
nvd
CVE-2009-5033 [MEDIUM] | CVSS 4.0 | CWE-200 | ≤ 8.5.0.1, v8.0, +4 more | 2010-12-16
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread.
nvd
CVE-2010-4552 [MEDIUM] | CVSS 5.0 | CWE-399 | ≤ 8.5.0.2, v8.0, +5 more | 2010-12-16
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients.
nvd
CVE-2010-4549 [MEDIUM] | CVSS 4.0 | CWE-264 | ≤ 8.5.1.2, v8.0, +7 more | 2010-12-16
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.
nvd
CVE-2010-4553 [MEDIUM] | CVSS 5.0 | CWE-20 | ≤ 8.5.0.2, v8.0, +5 more | 2010-12-16
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
nvd
CVE-2010-4544 [MEDIUM] | CVSS 4.3 | CWE-79 | ≤ 8.5.1.2, v8.0, +7 more | 2010-12-16
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2010-4546 [MEDIUM] | CVSS 4.0 | CWE-264 | ≤ 8.5.1.1, v8.0, +6 more | 2010-12-16
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.
nvd
CVE-2010-4551 [MEDIUM] | CVSS 4.0 | ≤ 8.5.1.1, v8.0, +6 more | 2010-12-16
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation.
nvd
CVE-2009-5036 [MEDIUM] | CVSS 4.0 | ≤ 8.0.1.3, v8.0, +2 more | 2010-12-16
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation.
nvd
CVE-2009-5035 [MEDIUM] | CVSS 4.3 | CWE-200 | ≤ 8.5.0.1, v8.0, +4 more | 2010-12-16
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages.
nvd
CVE-2009-5032 [MEDIUM] | CVSS 5.8 | CWE-310 | ≤ 8.5.0.1, v8.0, +4 more | 2010-12-16
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
nvd