The Connection Manager in IBM Lotus Mobile Connect (LMC) prior to 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate malicious users to obtain access via an unattended client, related to a cookie domain mismatch.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus mobile connect 6.1.2 |
||
ibm lotus mobile connect 6.1.1.1 |
||
ibm lotus mobile connect |
||
ibm lotus mobile connect 6.1.1 |