|
|
Cpe Name: cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-4595 |
264 |
|
Bypass |
2010-12-22 |
2010-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. |
|
2 |
CVE-2010-4594 |
399 |
|
DoS |
2010-12-22 |
2010-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue. |
|
3 |
CVE-2010-4593 |
399 |
|
DoS |
2010-12-22 |
2011-01-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices. |
|
4 |
CVE-2010-4592 |
399 |
|
DoS |
2010-12-22 |
2011-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. |
|
5 |
CVE-2010-4591 |
287 |
|
|
2010-12-22 |
2011-01-11 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. |
|
6 |
CVE-2010-4590 |
79 |
|
XSS |
2010-12-22 |
2010-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Total number of vulnerabilities : 6
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
