CVE-2010-4593
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
22/12/2010
Last modified:
11/04/2025
Description
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:* | 6.1.3 (including) | |
| cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/42703
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012
- http://www-01.ibm.com/support/docview.wss?uid=swg27020327
- http://secunia.com/advisories/42703
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012
- http://www-01.ibm.com/support/docview.wss?uid=swg27020327