Unrated severityNVD Advisory· Published Dec 16, 2010· Updated Apr 29, 2026

CVE-2009-5033

Description

IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread.

Affected products

IBM/Lotus Notes Traveler6 versions
cpe:2.3:a:ibm:lotus_notes_traveler:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:ibm:lotus_notes_traveler:*:*:*:*:*:*:*:*range: <=8.5.0.1
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-1.ibm.com/support/docview.wssnvdVendor Advisory
www-01.ibm.com/support/docview.wssnvd
www-10.lotus.com/ldd/dominowiki.nsf/page.xspnvd
exchange.xforce.ibmcloud.com/vulnerabilities/64742nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000