Vulnerability Details : CVE-2007-5701
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
Vulnerability category: Information leak
Products affected by CVE-2007-5701
- cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*
Threat overview for CVE-2007-5701
Top countries where our scanners detected CVE-2007-5701
Top open port discovered on systems with this issue
110
IPs affected by CVE-2007-5701 109
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-5701!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-5701
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5701
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2007-5701
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5701
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/37372
-
http://www.vupen.com/english/advisories/2007/3598
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/bid/26176
Patch
-
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
Patch
Jump to