CVE-2012-5309

IBM Lotus Notes Traveler <8.5.3.3 - Auth Bypass

Title source: llm

Description

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

References (1)

Core 1

Core References

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html

Scores

EPSS 0.0134

EPSS Percentile 67.7%

Details

CWE

CWE-287

Status published

Products (11)

ibm/lotus_notes_traveler 8.5.0.0

ibm/lotus_notes_traveler 8.5.0.1

ibm/lotus_notes_traveler 8.5.0.2

ibm/lotus_notes_traveler 8.5.1.1

ibm/lotus_notes_traveler 8.5.1.2

ibm/lotus_notes_traveler 8.5.1.3

ibm/lotus_notes_traveler 8.5.2.1

ibm/lotus_notes_traveler 8.5.3

ibm/lotus_notes_traveler 8.5.3.1

ibm/lotus_notes_traveler 8.5.3.2

... and 1 more

Published Oct 08, 2012

Tracked Since Feb 18, 2026