Vulnerabilities > CVE-2010-1487 - Credentials Management vulnerability in IBM Lotus Notes 7.0/8.0/8.5

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
ibm
CWE-255
NVD
Published: 2010-04-20
Updated: 2017-09-19

Summary

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.

Vulnerable Configurations

Part Description Count
Application
Ibm
3

Common Weakness Enumeration (CWE)

Oval

accepted2015-06-15T04:00:09.976-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentIBM Lotus Notes is installed
    ovaloval:org.mitre.oval:def:11999
  • commentIBM Lotus Notes is installed
    ovaloval:org.mitre.oval:def:11999
descriptionIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
familywindows
idoval:org.mitre.oval:def:14725
statusaccepted
submitted2011-12-16T09:51:32.000-05:00
titleIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
version8

References