CVE-2010-0921

IBM Lotus iNotes < 229.281 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0496
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38459
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27018109
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56556

Scores

EPSS 0.0058
EPSS Percentile 43.4%

Details

CWE
CWE-352
Status published
Products (23)
ibm/lotus_inotes 229.011
ibm/lotus_inotes 229.021
ibm/lotus_inotes 229.031
ibm/lotus_inotes 229.041
ibm/lotus_inotes 229.051
ibm/lotus_inotes 229.061
ibm/lotus_inotes 229.101
ibm/lotus_inotes 229.111
ibm/lotus_inotes 229.131
ibm/lotus_inotes 229.141
... and 13 more
Published Mar 03, 2010
Tracked Since Feb 18, 2026