The Connection Manager in IBM Lotus Mobile Connect prior to 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote malicious users to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus mobile connect 6.1.1 |
||
ibm lotus mobile connect |
||
ibm lotus mobile connect 6.1.1.1 |
||
ibm lotus mobile connect 6.1.2 |