The web container in IBM Lotus Expeditor 6.1.x and 6.2.x prior to 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote malicious users to spoof a localhost request origin via crafted headers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus expeditor 6.2.2 |
||
ibm lotus expeditor 6.2.3 |
||
ibm lotus expeditor 6.1 |
||
ibm lotus expeditor 6.1.1 |
||
ibm lotus expeditor 6.2 |
||
ibm lotus expeditor 6.2.1 |