Unrated severityNVD Advisory· Published Jul 24, 2006· Updated Jun 16, 2026

CVE-2006-3778

Description

IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

IBM/Lotus Notes4 versions
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
- (no CPE)range: 6.0, 6.5, 7.0

Patches

Vulnerability mechanics

References

www-1.ibm.com/support/docview.wssnvdExploit
secunia.com/advisories/21096nvdVendor Advisory
securitytracker.com/idnvd
securitytracker.com/idnvd
www-1.ibm.com/support/docview.wssnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000