Vulnerability Details : CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Products affected by CVE-2010-1487
- cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1487
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1487
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2010-1487
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1487
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725
Repository / Oval Repository
-
http://www-01.ibm.com/support/docview.wss?uid=swg21427073
Security considerations & recommendations for running SURunAs
-
http://www.securityfocus.com/bid/39525
IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability
Jump to