Authentication Bypass and Remote Code Execution in IBM Lotus Domino Server Controller

Authentication Bypass and Remote Code Execution in IBM Lotus Domino Server Controller

CVE-2011-1519 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Learn more about our Cis Benchmark Audit For Ibm I.