Security Bulletin: IBM Lotus Notes Traveler open redirect (CVE-2012-4824) and cross-site scripting vulnerability (CVE-2012-4825)

Flash (Alert)


Abstract

IBM Lotus Notes Traveler has one open redirect vulnerability (fixed in both 8.5.3.3 Interim Fix 1 and 8.5.3 Upgrade Pack 1 Interim Fix 1) and one cross-site scripting vulnerability (fixed in release 8.5.3.2).

Content


Note that the following vulnerabilities are related to a rare, one-time user operation and require that the attacker have explicit knowledge of the time of that operation.


VULNERABILITY DETAILS: IBM Lotus Notes Traveler Open Redirect Vulnerability


    CVE ID: CVE-2012-4824

    CVSS:
    Using the Common Vulnerability Scoring System (CVSS) v2, the security rating for this issue is:

    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78815 for the current score.
    CVSS Environmental Score: Undefined
    CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

    Access Vector: Network
    Access Complexity: Medium
    Authentication: No
    Confidentiality Impact: None
    Integrity Impact: Partial
    Availability Impact: None


    AFFECTED PLATFORMS:

    Lotus Notes Traveler release 8.5.3 only (8.5.2 and lower are not affected)

    REMEDIATION:

    Fix:

    This issue is resolved in both 8.5.3.3 Interim Fix 1 and Interim Fix 1 for Notes Traveler 8.5.3 Upgrade Pack 1. You can download these Interim Fixes from Fix Central via the direct links below.



    Interim Fix 1 for Notes Traveler 8.5.3.3 (released 15 September 2012)

    Platform    Fix Central ID        Download link & filename
    Windows     LNT_8533_IF1_WIN
    Linux       LNT_8533_IF1_LINUX


    Interim Fix 1 for Notes Traveler 8.5.3 Upgrade Pack 1 (released 14 September 2012)

    Platform    Fix Central ID           Download link & filename
    Windows     LNT_853_UP1_IF1_WIN
    Linux       LNT_853_UP1_IF1_Linux

    Workaround:

    None

    Mitigation(s):

    None


VULNERABILITY DETAILS: IBM Lotus Notes Traveler Cross-Site Scripting in ILNT.mobileconfig



References:


RELATED INFORMATION:
ACKNOWLEDGEMENT:
These vulnerabilities were reported to IBM by researcher Eugene Dokukin (MustLive). For further information, refer to the following Web site: http://websecurity.com.ua/5839/


Document information

More support for: IBM Notes Traveler, Security
Software version: 8.5, 8.5.1, 8.5.2, 8.5.3
Operating system(s): Linux, Windows
Reference #: 1612229
Modified date: 2012-10-03
