FKIE_CVE-2010-4551

Vulnerability from fkie_nvd - Published: 2010-12-16 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation.
References
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1LO49829Vendor Advisory
cve@mitre.orghttp://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes
cve@mitre.orghttp://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1LO49829Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes
af854a3a-2127-422b-91ae-364da2661108http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument
Impacted products
Vendor Product Version
ibm lotus_notes_traveler *
ibm lotus_notes_traveler 8.0
ibm lotus_notes_traveler 8.0.1
ibm lotus_notes_traveler 8.0.1.2
ibm lotus_notes_traveler 8.0.1.3
ibm lotus_notes_traveler 8.5.0.0
ibm lotus_notes_traveler 8.5.0.1
ibm lotus_notes_traveler 8.5.0.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00ACA086-1D27-4FEA-A70A-4219ACADF6ED",
              "versionEndIncluding": "8.5.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation."
    },
    {
      "lang": "es",
      "value": "IBM Lotus Notes Traveler anterior a v8.5.1.2 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero nulo -NULL- y ca\u00edda de demonio), omitiendo el campo de la identificaci\u00f3n de Internet en el documento de persona, y despu\u00e9s usar un dispositivo de Apple para (1) aceptar o (2) rechazar una invitaci\u00f3n."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2010-4551",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-16T20:00:17.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49829"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466\u0026action=openDocument"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466\u0026action=openDocument"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.