CVE

Id
4431  
CVE No.
CVE-2002-0037  
Status
Candidate  
Description
Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document"s object via a Notes API call (NSFDbReadObject) that directly accesses the object.  
Phase
Modified (20050528)  
Votes
ACCEPT(3) Cole, Green, Wall | MODIFY(1) Frech | NOOP(4) Armstrong, Christey, Cox, Foat  
Comments
Christey> Need to find some references for these... probably in | the CERT/CC vulnerability notes. | Frech> XF:lotus-domino-nsfdbreadobject(10095) | http://www.kb.cert.org/vuls/id/657899 | CONFIRM: | http://www-1.ibm.com/support/docview.wss?rs=1&org=sims&doc=CCA46CF459B | A6E4A85256AE3007C92C1 | Christey> Is this the same issue here? | BUGTRAQ:20011217 Lotus Notes: File attachments may be extracted regardless of document security | URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
21375 4431 CVE-2002-0037 BUGTRAQ:20010917 Lotus Notes: File attachments may be extracted regardless of document security  View
21376 4431 CVE-2002-0037 URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html  View
21377 4431 CVE-2002-0037 BUGTRAQ:20010917 Re: Lotus Notes: File attachments may be extracted regardless of document security  View
21378 4431 CVE-2002-0037 URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0150.html  View
21379 4431 CVE-2002-0037 CERT-VN:VU#657899  View
21380 4431 CVE-2002-0037 URL:http://www.kb.cert.org/vuls/id/657899  View
21381 4431 CVE-2002-0037 XF:lotus-domino-nsfdbreadobject(10095)  View

Related JVN