CVE-2006-1948
First published: Thu Apr 20 2006(Updated: )
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Notes | =6.0 | |
| IBM Notes | =6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-1948?
CVE-2006-1948 is classified as a moderate severity vulnerability.
How do I fix CVE-2006-1948?
To fix CVE-2006-1948, upgrade your IBM Lotus Notes to version 6.5 or later.
What software versions are affected by CVE-2006-1948?
CVE-2006-1948 affects IBM Lotus Notes versions 6.0 and 6.5 prior to the 20060331 update.
What type of attack can exploit CVE-2006-1948?
CVE-2006-1948 may allow for user-assisted remote exploitation through manipulation of email messages.
Is user interaction required to exploit CVE-2006-1948?
Yes, user interaction is required to exploit CVE-2006-1948 during the process of adding senders to the address book.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm notes
- version/ibm notes/6.0
- version/ibm notes/6.5