The Connection Manager in IBM Lotus Mobile Connect prior to 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus mobile connect |
||
ibm lotus mobile connect 6.1.2 |
||
ibm lotus mobile connect 6.1.1.1 |
||
ibm lotus mobile connect 6.1.1 |