Vulnerability Details : CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Exploit prediction scoring system (EPSS) score for CVE-2010-1487
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1487
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2010-1487
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1487
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725
Repository / Oval Repository
-
http://www-01.ibm.com/support/docview.wss?uid=swg21427073
Security considerations & recommendations for running SURunAs
-
http://www.securityfocus.com/bid/39525
IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability
Products affected by CVE-2010-1487
- cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*