CVE-2010-4546 - Vulnerability Details - OpenCVE

IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Notes Traveler

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_notes_traveler::::::::
	cpe:2.3:a:ibm:lotus_notes_traveler:8.0:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:::::::*

No data.

References

Link	Providers
http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes
http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-16T19:45:00Z

Updated: 2024-09-16T19:01:45.047Z

Reserved: 2010-12-16T00:00:00Z

Link: CVE-2010-4546

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-12-16T20:00:16.677

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4546

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-16T19:45:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"}, {"name": "LO49840", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4546", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", "refsource": "CONFIRM", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument"}, {"name": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes", "refsource": "CONFIRM", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"}, {"name": "LO49840", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.808Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"}, {"name": "LO49840", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4546", "datePublished": "2010-12-16T19:45:00Z", "dateReserved": "2010-12-16T00:00:00Z", "dateUpdated": "2024-09-16T19:01:45.047Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:*:*:*:*:*:*:*:*", "matchCriteriaId": "00ACA086-1D27-4FEA-A70A-4219ACADF6ED", "versionEndIncluding": "8.5.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request."}, {"lang": "es", "value": "IBM Lotus Notes Traveler anterior a v8.5.1.2 no rechaza una petici\u00f3n de descarga de adjuntos para un mensaje e-mail con un atributo 'Prevent Copy', lo que permite a usuarios autenticados superar las restricciones a trav\u00e9s de esta petici\u00f3n."}], "id": "CVE-2010-4546", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-16T20:00:16.677", "references": [{"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840"}, {"source": "cve@mitre.org", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"}, {"source": "cve@mitre.org", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}