CVE-2011-1519

Published: Mar 25, 2011Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Affected (33)

Products: Ibm: Lotus Domino

Ibm

1 product

Lotus Domino

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Ibm Lotus Domino	Version 7.0.1.1
Ibm Lotus Domino	Version 7.0.1
Ibm Lotus Domino	Version 7.0.2.1
Ibm Lotus Domino	Version 7.0.2.2
Ibm Lotus Domino	Version 7.0.2.3
Ibm Lotus Domino	Version 7.0.2
Ibm Lotus Domino	Version 7.0.3.1
Ibm Lotus Domino	Version 7.0.3
Ibm Lotus Domino	Version 7.0.4.1
Ibm Lotus Domino	Version 7.0.4.2
Ibm Lotus Domino	Version 7.0.4
Ibm Lotus Domino	Version 7.0

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Ibm Lotus Domino	Version 8.0.1
Ibm Lotus Domino	Version 8.0.2.1
Ibm Lotus Domino	Version 8.0.2.2
Ibm Lotus Domino	Version 8.0.2.3
Ibm Lotus Domino	Version 8.0.2.4
Ibm Lotus Domino	Version 8.0.2.5
Ibm Lotus Domino	Version 8.0.2.6
Ibm Lotus Domino	Version 8.0.2
Ibm Lotus Domino	Version 8.0
Ibm Lotus Domino	Version 8.5.0.1
Ibm Lotus Domino	Version 8.5.0
Ibm Lotus Domino	Version 8.5.1.1
Ibm Lotus Domino	Version 8.5.1.2
Ibm Lotus Domino	Version 8.5.1.3
Ibm Lotus Domino	Version 8.5.1.4
Ibm Lotus Domino	Version 8.5.1.5
Ibm Lotus Domino	Version 8.5.1
Ibm Lotus Domino	Version 8.5.2.1
Ibm Lotus Domino	Version 8.5.2.2
Ibm Lotus Domino	Version 8.5.2
Ibm Lotus Domino	Version 8.5.3