Notes/Domino Fix List
 |  |
| SPR # KEMG6SRVDM | Fixed in 6.5.6; 6.5.5 FP3; 7.0.2 FP1; 7.0.3 release | Security fix |
Product Area: Server Technical Area: Security Platform: Cross Platform
Lotus Customer Support APAR: LO20495
SPR# KEMG6SRVDM - Fixed a potential security issue. See technote #1257026 for more details.
Technote Number: 1257026
Problem:
This issue was reported to Lotus Quality Engineering as SPR # KEMG6SRVDM and
has been fixed in Lotus® Domino® 6.5.6, Domino 7.0.2 Fix Pack 1 (FP1), and
Domino 6.5.5 Fix Pack 3 (FP3).
Attack vector: Remote
Impact: Cross site scripting
Assessing this vulnerability using the Common Vulnerability Scoring System
(CVSS):
CVSS Base Score: 3.5
CVSS Temporal Score: 2.7
CVSS Environmental Score: Undefined*
Overall CVSS Score: 2.7
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the referenced links
below.
Base Score Metrics:
Related exploit range/Attack Vector: Remote
Attack Complexity: Low
Level of Authentication Needed: Not Required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Value Weighting: Weight Confidentiality
Temporal Score Metrics:
Availability of Exploit: Proof of concept code
Type of Fix available: Official fix
Level of verification that vulnerability exists: Confirmed
References:
Complete CVSS Guide:
http://www.first.org/cvss/cvss-guide.html
Online Calculator:
http://nvd.nist.gov/cvss.cfm?calculator More >
Last Modified on 12/08/2013
Go back
|