Skip to main content

Lotus Inotes CVE-2013-0536

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2013-06-21 psirt@us.ibm.com
7.2
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jun 21, 2013 - 17:55 cve.org
HIGH 7.2

DescriptionCVE.org

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.

AnalysisAI

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24. Affected products include: Ibm Lotus Inotes, Ibm Lotus Notes, Ibm Lotus Notes Traveler.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-2175 CRITICAL POC
9.3 Jun 20

Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x befo

CVE-2013-4068 HIGH
7.1 Sep 20

Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to exe

CVE-2016-0282 MEDIUM
5.4 Nov 24

Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject

CVE-2014-0913 MEDIUM
4.3 May 09

Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remot

CVE-2013-0595 MEDIUM
4.3 Aug 27

Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remot

CVE-2013-4063 MEDIUM
4.3 Dec 21

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows re

CVE-2012-5943 MEDIUM
4.3 Mar 26

Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to i

CVE-2013-0591 LOW
3.5 Aug 27

Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenti

CVE-2013-0590 LOW
3.5 Aug 27

Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenti

CVE-2013-4065 LOW
2.6 Dec 21

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ult

CVE-2013-4064 LOW
2.1 Dec 21

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ult

CVE-2013-0525 LOW
1.5 Mar 26

Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script

Share

CVE-2013-0536 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy