CVE-2011-1519

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Published: Mar 25, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-1519
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / lotus_domino	7.0.2.2	7.0.2.2.x
ibm / lotus_domino	7.0.4	7.0.4.x
ibm / lotus_domino	7.0.4.2	7.0.4.2.x
ibm / lotus_domino	7.0.1.1	7.0.1.1.x
ibm / lotus_domino	7.0.2.1	7.0.2.1.x
ibm / lotus_domino	7.0.2.3	7.0.2.3.x
ibm / lotus_domino	7.0.4.1	7.0.4.1.x
ibm / lotus_domino	7.0.3	7.0.3.x
ibm / lotus_domino	7.0	7.0.x
ibm / lotus_domino	7.0.2	7.0.2.x
ibm / lotus_domino	7.0.1	7.0.1.x
ibm / lotus_domino	7.0.3.1	7.0.3.1.x
ibm / lotus_domino	8.0.2.4	8.0.2.4.x
ibm / lotus_domino	8.5.1.1	8.5.1.1.x
ibm / lotus_domino	8.5.1.4	8.5.1.4.x
ibm / lotus_domino	8.0.2	8.0.2.x
ibm / lotus_domino	8.5.2.2	8.5.2.2.x
ibm / lotus_domino	8.0.2.3	8.0.2.3.x
ibm / lotus_domino	8.5.2.1	8.5.2.1.x
ibm / lotus_domino	8.5.1	8.5.1.x
ibm / lotus_domino	8.5.0.1	8.5.0.1.x
ibm / lotus_domino	8.5.0	8.5.0.x
ibm / lotus_domino	8.5.3	8.5.3.x
ibm / lotus_domino	8.0.2.1	8.0.2.1.x
ibm / lotus_domino	8.0.2.6	8.0.2.6.x
ibm / lotus_domino	8.5.1.2	8.5.1.2.x
ibm / lotus_domino	8.0.2.5	8.0.2.5.x
ibm / lotus_domino	8.5.2	8.5.2.x
ibm / lotus_domino	8.0.2.2	8.0.2.2.x
ibm / lotus_domino	8.0	8.0.x
ibm / lotus_domino	8.5.1.5	8.5.1.5.x
ibm / lotus_domino	8.0.1	8.0.1.x
ibm / lotus_domino	8.5.1.3	8.5.1.3.x

Vulnerability Database

289,784

CVE-2011-1519