CVE-2005-2454

Severity

46%

Complexity

39%

Confidentiality

106%

Update to version 7.0.2.

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.

Update to version 7.0.2.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

IBM Lotus Notes

First reported 19 years ago

2005-12-31 05:00:00

Last updated 6 years ago

2018-10-19 15:32:00

Affected Software

IBM Lotus Notes 6.5.4

6.5.4

IBM Lotus Notes 6.5.5

6.5.5

IBM Lotus Notes 7.0.0

7.0.0

IBM Lotus Notes 7.0.1

7.0.1

References

19537

Vendor Advisory

27342

Vendor Advisory

http://secunia.com/secunia_research/2005-29/advisory/

Vendor Advisory

1017086

VU#383092

US Government Resource

29761

20061018 Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions

20612

ADV-2006-4093

Vendor Advisory

http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773

lotusnotes-directory-insecure-permission(29660)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.