Freely subscribe to our NEWSLETTER

– Severity: 2/4
– Consequences: user access/rights, data reading
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 08/01/2010

IMPACTED PRODUCTS

– Lotus Domino

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in Lotus iNotes (DWA, Domino
Web Access).

The Ultra-light mode is mainly used by mobile devices. In this
mode, the contact edition is impacted by a vulnerability.
[grav:2/4; LSHR7TBLY5]

In Ultra-light mode, an attacker can inject commands in the url.
[grav:2/4; LSHR7TBM58]

When the user connects with a unsupported web browser, a link
named "Try Lotus iNotes anyway" is displayed. An attacker can use
a vulnerability of this feature. [grav:2/4; LSHR7TBMQU]

Technical details are unknown.

CHARACTERISTICS

– Identifiers: 7017776, BID-37675, CVE-2009-4594, LSHR7TBLY5,
LSHR7TBM58, LSHR7TBMQU, VIGILANCE-VUL-9330
– Url: http://vigilance.fr/vulnerability/Lotus-iNotes-3-vulnerabilities-9330