Description
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0496
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38459
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27018109
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56556
Scores
EPSS
0.0058
EPSS Percentile
43.4%
Details
CWE
CWE-352
Status
published
Products (23)
ibm/lotus_inotes
229.011
ibm/lotus_inotes
229.021
ibm/lotus_inotes
229.031
ibm/lotus_inotes
229.041
ibm/lotus_inotes
229.051
ibm/lotus_inotes
229.061
ibm/lotus_inotes
229.101
ibm/lotus_inotes
229.111
ibm/lotus_inotes
229.131
ibm/lotus_inotes
229.141
... and 13 more
Published
Mar 03, 2010
Tracked Since
Feb 18, 2026