CVE-2010-1487

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

I

BM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.

References

Link	Resource
http://secunia.com/advisories/39507	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21427073
http://www.securityfocus.com/bid/39525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725
http://secunia.com/advisories/39507	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21427073
http://www.securityfocus.com/bid/39525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5:::::::*

History

21 Nov 2024, 01:14

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/39507 - Vendor Advisory~~	() http://secunia.com/advisories/39507 - Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21427073 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21427073 -
References	~~() http://www.securityfocus.com/bid/39525 -~~	() http://www.securityfocus.com/bid/39525 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 -

Information

Published : 2010-04-20 15:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-1487

Mitre link : CVE-2010-1487

CVE.ORG link : CVE-2010-1487

JSON object : View

Products Affected

lotus_notes

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2010-1487", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-20T15:30:00.710", "references": [{"url": "http://secunia.com/advisories/39507", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21427073", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/39525", "source": "[email protected]"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/39507", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21427073", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/39525", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG."}, {"lang": "es", "value": "IBM Lotus Notes v7.0, v8.0, y v8.5 almacena credenciales administrativas en cleartext en SURunAs.exe, lo que permite a usuarios locales obtener informaci\u00f3n sensible examinando ese archivo, conocido como SPR JSTN837SEG."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}