The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lotus_domino | Ibm | 7.0 (including) | 7.0 (including) |
| Lotus_domino | Ibm | 7.0.1 (including) | 7.0.1 (including) |
| Lotus_domino | Ibm | 7.0.1.1 (including) | 7.0.1.1 (including) |
| Lotus_domino | Ibm | 7.0.2 (including) | 7.0.2 (including) |
| Lotus_domino | Ibm | 7.0.2.1 (including) | 7.0.2.1 (including) |
| Lotus_domino | Ibm | 7.0.2.2 (including) | 7.0.2.2 (including) |
| Lotus_domino | Ibm | 7.0.2.3 (including) | 7.0.2.3 (including) |
| Lotus_domino | Ibm | 7.0.3 (including) | 7.0.3 (including) |
| Lotus_domino | Ibm | 7.0.3.1 (including) | 7.0.3.1 (including) |
| Lotus_domino | Ibm | 7.0.4 (including) | 7.0.4 (including) |
| Lotus_domino | Ibm | 7.0.4.1 (including) | 7.0.4.1 (including) |
| Lotus_domino | Ibm | 7.0.4.2 (including) | 7.0.4.2 (including) |