IBM » Lotus Notes : Security Vulnerabilities, CVEs, Published In 2012
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-12-19
Updated
2017-08-29
CVE-2012-2174
Public exploit
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Max CVSS
9.3
EPSS Score
97.07%
Published
2012-06-20
Updated
2017-08-29
Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.9
EPSS Score
0.06%
Published
2012-09-07
Updated
2012-09-07
3 vulnerabilities found