CVE-2011-1519

IBM Lotus Domino <8.x - Auth Bypass

Title source: llm
STIX 2.1

Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alexey Sintsov · htmlremotejsp
https://www.exploit-db.com/exploits/18179

References (7)

Core 7
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-110
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0758
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025241
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517119/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43860
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46985
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8164

Scores

EPSS 0.0906
EPSS Percentile 92.7%

Details

CWE
CWE-287
Status published
Products (33)
ibm/lotus_domino 7.0
ibm/lotus_domino 7.0.1
ibm/lotus_domino 7.0.1.1
ibm/lotus_domino 7.0.2
ibm/lotus_domino 7.0.2.1
ibm/lotus_domino 7.0.2.2
ibm/lotus_domino 7.0.2.3
ibm/lotus_domino 7.0.3
ibm/lotus_domino 7.0.3.1
ibm/lotus_domino 7.0.4
... and 23 more
Published Mar 25, 2011
Tracked Since Feb 18, 2026