OpenCVE

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Domino

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_domino:6.5.5:::::::*
	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp1:::::
	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp2:::::
	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp3:::::
	cpe:2.3:a:ibm:lotus_domino:6.5.6:::::::*
	cpe:2.3:a:ibm:lotus_domino:6.5.6::fp1:::::
	cpe:2.3:a:ibm:lotus_domino:7.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:7.0.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp1:::::
	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp2:::::

No data.

References

Link	Providers
http://osvdb.org/40951
http://secunia.com/advisories/27321
http://www-1.ibm.com/support/docview.wss?uid=swg21273266
http://www.securityfocus.com/bid/26176
http://www.vupen.com/english/advisories/2007/3598
https://exchange.xforce.ibmcloud.com/vulnerabilities/37369

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-29T21:00:00

Updated: 2024-08-07T15:39:13.564Z

Reserved: 2007-10-29T00:00:00

Link: CVE-2007-5700

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-29T21:46:00.000

Modified: 2024-11-21T00:38:29.563

Link: CVE-2007-5700

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "40951", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40951"}, {"name": "domino-lotusscript-information-disclosure(37369)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"}, {"name": "ADV-2007-3598", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3598"}, {"name": "26176", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26176"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"}, {"name": "27321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27321"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "40951", "refsource": "OSVDB", "url": "http://osvdb.org/40951"}, {"name": "domino-lotusscript-information-disclosure(37369)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"}, {"name": "ADV-2007-3598", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3598"}, {"name": "26176", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26176"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"}, {"name": "27321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27321"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.564Z"}, "title": "CVE Program Container", "references": [{"name": "40951", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40951"}, {"name": "domino-lotusscript-information-disclosure(37369)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"}, {"name": "ADV-2007-3598", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3598"}, {"name": "26176", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26176"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"}, {"name": "27321", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27321"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5700", "datePublished": "2007-10-29T21:00:00", "dateReserved": "2007-10-29T00:00:00", "dateUpdated": "2024-08-07T15:39:13.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*", "matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*", "matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*", "matchCriteriaId": "D36E3D33-5A60-4846-BED2-8BF3AFC9BBE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*", "matchCriteriaId": "1DD8A9BA-5E05-47D8-9C15-60A49A3C3141", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*", "matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*", "matchCriteriaId": "82718D37-02FA-4EA0-ABB6-167B5A0A2F0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."}, {"lang": "es", "value": "El m\u00e9todo Evaluate LotusScript de IBM Lotus Domino versiones anteriores a 7.0.3 utiliza un contexto de seguridad incorrecto para comandos de f\u00f3rumla @ en algunas circustancias, lo cual podr\u00eda permitir a usuarios remotos autenticados obtener privilegios y conseguir informaci\u00f3n confidencial. \r\n"}], "id": "CVE-2007-5700", "lastModified": "2024-11-21T00:38:29.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-29T21:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40951"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27321"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26176"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3598"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}