Vulnerabilities

CVE-2010-4591

by Fred · 22/12/2010

The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.

Date published : 2010-12-22

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74393

http://www-01.ibm.com/support/docview.wss?uid=swg27020327

Similar

Tags: Cybersecurity Alert