Unrated severityNVD Advisory· Published Dec 22, 2010· Updated Jun 16, 2026
CVE-2010-4591
CVE-2010-4591
Description
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
Affected products
5cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*range: <=6.1.3
- cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:*
- (no CPE)range: <6.1.4
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.