CVE-2011-0920

IBM Lotus Domino - Authentication Bypass and Remote Code Execution via UNC Share Pathname

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0920.

AI-analyzed exploit summary This exploit leverages an XML parser vulnerability in IBM Lotus Domino Controller to bypass authentication by injecting malicious XML into IIS log files and using a local applet to trigger the exploit. It demonstrates an authentication bypass via crafted HTTP requests and applet parameters.

Description

The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.

Exploits (1)

exploitdb WORKING POC
htmlremotejsp
https://www.exploit-db.com/exploits/18179

This exploit leverages an XML parser vulnerability in IBM Lotus Domino Controller to bypass authentication by injecting malicious XML into IIS log files and using a local applet to trigger the exploit. It demonstrates an authentication bypass via crafted HTTP requests and applet parameters.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: IBM Lotus Domino Controller <=8.5.2 FP3, <=8.5.3
No auth needed
Prerequisites: Access to target's port 49152 · Ability to inject XML into IIS log files · Local web server to host the exploit HTML
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21461514

Scores

EPSS 0.0374
EPSS Percentile 88.3%

Details

CWE
CWE-287
Status published
Products (1)
ibm/lotus_domino
Published Feb 08, 2011
Tracked Since Feb 18, 2026