IBM : Security Vulnerabilities, CVEs, Published In December 2010 (Bypass)
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
Max CVSS
4.4
EPSS Score
0.04%
Published
2010-12-22
Updated
2011-01-11
1 vulnerabilities found