Vulnerability Details : CVE-2013-0522
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.
Vulnerability category: Information leak
Products affected by CVE-2013-0522
- cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:9.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0522
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0522
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2013-0522
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0522
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/82531
IBM Notes client Single Logon password retrieval CVE-2013-0522 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www-01.ibm.com/support/docview.wss?uid=swg21634508
IBM Security Bulletin: For safer IBM Notes single sign on with Windows, use Notes Shared Login or Notes Federated Login (CVE-2013-0522)Vendor Advisory
Jump to