CVE-2010-0921: CSRF
First published: Wed Mar 03 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM iNotes | <=229.271 | |
| IBM iNotes | =229.011 | |
| IBM iNotes | =229.021 | |
| IBM iNotes | =229.031 | |
| IBM iNotes | =229.041 | |
| IBM iNotes | =229.051 | |
| IBM iNotes | =229.061 | |
| IBM iNotes | =229.101 | |
| IBM iNotes | =229.111 | |
| IBM iNotes | =229.131 | |
| IBM iNotes | =229.141 | |
| IBM iNotes | =229.151 | |
| IBM iNotes | =229.161 | |
| IBM iNotes | =229.171 | |
| IBM iNotes | =229.181 | |
| IBM iNotes | =229.191 | |
| IBM iNotes | =229.201 | |
| IBM iNotes | =229.211 | |
| IBM iNotes | =229.221 | |
| IBM iNotes | =229.231 | |
| IBM iNotes | =229.241 | |
| IBM iNotes | =229.251 | |
| IBM iNotes | =229.261 | |
| IBM Lotus Domino R5 | =8.0.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0921?
CVE-2010-0921 is classified as a high severity Cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2010-0921?
To fix CVE-2010-0921, you should upgrade IBM Lotus iNotes to version 229.281 or later.
What does CVE-2010-0921 affect?
CVE-2010-0921 affects various versions of IBM Lotus iNotes prior to version 229.281.
What is the impact of CVE-2010-0921?
The impact of CVE-2010-0921 includes the potential for remote attackers to hijack user authentication.
Is there a workaround for CVE-2010-0921?
There are no known workarounds for CVE-2010-0921; the only solution is to apply the security update.
- collector/nvd-historical
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm inotes
- version/ibm inotes/229.271
- version/ibm inotes/229.011
- version/ibm inotes/229.021
- version/ibm inotes/229.031
- version/ibm inotes/229.041
- version/ibm inotes/229.051
- version/ibm inotes/229.061
- version/ibm inotes/229.101
- version/ibm inotes/229.111
- version/ibm inotes/229.131
- version/ibm inotes/229.141
- version/ibm inotes/229.151
- version/ibm inotes/229.161
- version/ibm inotes/229.171
- version/ibm inotes/229.181
- version/ibm inotes/229.191
- version/ibm inotes/229.201
- version/ibm inotes/229.211
- version/ibm inotes/229.221
- version/ibm inotes/229.231
- version/ibm inotes/229.241
- version/ibm inotes/229.251
- version/ibm inotes/229.261
- canonical/ibm lotus domino r5
- version/ibm lotus domino r5/8.0.2.4