Lotus Expeditor
by IBM
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1129 | Med | 0.48 | 6.5 | 0.30 | Sep 5, 2017 | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. | ||
| CVE-2008-1965 | 0.04 | — | 0.11 | Apr 25, 2008 | Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai:… | |||
| CVE-2012-0191 | 0.00 | — | 0.01 | Jun 22, 2012 | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. | |||
| CVE-2012-0187 | 0.00 | — | 0.02 | Jun 22, 2012 | Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||
| CVE-2012-0186 | 0.00 | — | 0.02 | Jun 22, 2012 | Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. |
- risk 0.48cvss 6.5epss 0.30
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
- CVE-2008-1965Apr 25, 2008risk 0.04cvss —epss 0.11
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai:…
- CVE-2012-0191Jun 22, 2012risk 0.00cvss —epss 0.01
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.
- CVE-2012-0187Jun 22, 2012risk 0.00cvss —epss 0.02
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
- CVE-2012-0186Jun 22, 2012risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL.