CVE-2007-5701
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
29/10/2007
Last modified:
09/04/2025
Description
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:* | ||
| cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/40952
- http://secunia.com/advisories/27321
- http://www-1.ibm.com/support/docview.wss?uid=swg21261095
- http://www.securityfocus.com/bid/26176
- http://www.vupen.com/english/advisories/2007/3598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37372
- http://osvdb.org/40952
- http://secunia.com/advisories/27321
- http://www-1.ibm.com/support/docview.wss?uid=swg21261095
- http://www.securityfocus.com/bid/26176
- http://www.vupen.com/english/advisories/2007/3598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37372