CERTA-2005-AVI-265

Vulnerability from certfr_avis - Published: 2005-07-15 - Updated: 2005-07-15

None

Description

Une vulnérabilité dans IBM Lotus Notes permet à un utilisateur mal intentionné, via un fichier HTML malicieusement construit, envoyé en attachement d'un message électronique, de réaliser une attaque de type cross-site scripting.

Solution

Se référer au bulletin de sécurité IBM (cf. Section Documentation).

IBM Lotus Notes version 6.5.4 et versions antérieures.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM Lotus Notes version 6.5.4 et  versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans IBM Lotus Notes permet \u00e0 un utilisateur mal\nintentionn\u00e9, via un fichier HTML malicieusement construit, envoy\u00e9 en\nattachement d\u0027un message \u00e9lectronique, de r\u00e9aliser une attaque de type\ncross-site scripting.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 IBM (cf. Section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-07-15T00:00:00",
  "last_revision_date": "2005-07-15T00:00:00",
  "links": [
    {
      "title": "Site Internet de IBM Lotus :",
      "url": "http://www-306.ibm.com/software/lotus/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM #1211783 du 13 juillet 2005 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21211783"
    }
  ],
  "reference": "CERTA-2005-AVI-265",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Cross-site scripting"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de IBM Lotus Notes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 1211783 du 13 juillet 2005",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.