Unrated severityNVD Advisory· Published Nov 10, 2006· Updated Jun 16, 2026
CVE-2006-5835
CVE-2006-5835
Description
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
Affected products
17cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*
- (no CPE)range: <6.5.5 FP2, <7.0.2
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/22741nvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdPatch
- www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdfnvdExploitVendor Advisory
- securitytracker.com/idnvd
- www.securityfocus.com/bid/20960nvd
- www.vupen.com/english/advisories/2006/4411nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30118nvd
News mentions
0No linked articles in our index yet.