Unrated severityNVD Advisory· Published Oct 29, 2007· Updated Apr 23, 2026

CVE-2007-5701

Description

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Affected products

IBM/Lotus Domino10 versions
cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27321nvdPatchVendor Advisory
www-1.ibm.com/support/docview.wssnvdPatch
www.securityfocus.com/bid/26176nvdPatch
osvdb.org/40952nvd
www.vupen.com/english/advisories/2007/3598nvd
exchange.xforce.ibmcloud.com/vulnerabilities/37372nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000