Unrated severityNVD Advisory· Published Mar 25, 2011· Updated Apr 29, 2026
CVE-2011-1519
CVE-2011-1519
Description
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
Affected products
33cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/43860nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0758nvdVendor Advisory
- securityreason.com/securityalert/8164nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/517119/100/0/threadednvd
- www.securityfocus.com/bid/46985nvd
- www.zerodayinitiative.com/advisories/ZDI-11-110nvd
News mentions
0No linked articles in our index yet.