IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lotus_connections | Ibm | 3.0 (including) | 3.0 (including) |
References
- http://osvdb.org/70931
- http://secunia.com/advisories/43298
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565
- http://www.ibm.com/support/docview.wss?uid=swg21462435
- http://www.vupen.com/english/advisories/2011/0382
- http://osvdb.org/70931
- http://secunia.com/advisories/43298
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565
- http://www.ibm.com/support/docview.wss?uid=swg21462435
- http://www.vupen.com/english/advisories/2011/0382