CVE-2007-5700 : The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula comman

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

Published 2007-10-29 21:46:00

Updated 2017-07-29 01:33:49

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2007-5700

Top countries where our scanners detected CVE-2007-5700

Top open port discovered on systems with this issue 110

IPs affected by CVE-2007-5700 109

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2007-5700!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2007-5700

Probability of exploitation activity in the next 30 days: 0.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-5700

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:C/I:N/A:N	6.8	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2007-5700

https://exchange.xforce.ibmcloud.com/vulnerabilities/37369
http://www-1.ibm.com/support/docview.wss?uid=swg21273266

Patch
http://www.vupen.com/english/advisories/2007/3598

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.securityfocus.com/bid/26176

Patch

CVEs referencing this url

Products affected by CVE-2007-5700

IBM » Lotus Domino » Version: 7.0
cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 7.0.2
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.5
cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.5 FP1 Edition
cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.5 FP2 Edition
cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.6
cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.6 FP1 Edition
cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 6.5.5 FP3 Edition
cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 7.0.2 FP1 Edition
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
Matching versions
IBM » Lotus Domino » Version: 7.0.2 FP2 Edition
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-5700

Threat overview for CVE-2007-5700

Exploit prediction scoring system (EPSS) score for CVE-2007-5700

CVSS scores for CVE-2007-5700

References for CVE-2007-5700

Products affected by CVE-2007-5700