CVE-2010-4593 - Vulnerability Details - OpenCVE

ReportizFlow

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Mobile Connect

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_mobile_connect::::::::
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:::::::*
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:::::::*
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/42703
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012
http://www-01.ibm.com/support/docview.wss?uid=swg27020327

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-22T20:00:00

Updated: 2024-08-07T03:51:17.484Z

Reserved: 2010-12-22T00:00:00

Link: CVE-2010-4593

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-12-22T21:00:19.943

Modified: 2024-11-21T01:21:17.097

Link: CVE-2010-4593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42703", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42703"}, {"name": "IZ75012", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2010-4593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42703"}, {"name": "IZ75012", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.484Z"}, "title": "CVE Program Container", "references": [{"name": "42703", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42703"}, {"name": "IZ75012", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4593", "datePublished": "2010-12-22T20:00:00", "dateReserved": "2010-12-22T00:00:00", "dateUpdated": "2024-08-07T03:51:17.484Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*", "matchCriteriaId": "75136F07-4EFA-416D-BCAC-F7F30C01BC07", "versionEndIncluding": "6.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A28E8A18-0943-4568-B083-C765E8ED1D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AF526B5-BEE8-49B8-9689-E5DED3D86CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B5A2F13-8DCE-4ED1-8E16-9A6BF8C45DD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices."}, {"lang": "es", "value": "Connection Manager en IBM Lotus Mobile Connect anterior v6.1.4 no mantiene adecuadamente cierta cuenta referenciada, lo que permite a usuarios identificados remotamente causar una denegaci\u00f3n de servicio (agotamiento de direcci\u00f3n IP) por creaci\u00f3n de peticiones inv\u00e1lidas para establecer sesiones con el mismo ID VPN para m\u00faltiples dispositivos. \r\n\r\n"}], "id": "CVE-2010-4593", "lastModified": "2024-11-21T01:21:17.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-22T21:00:19.943", "references": [{"source": "[email protected]", "url": "http://secunia.com/advisories/42703"}, {"source": "[email protected]", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012"}, {"source": "[email protected]", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "[email protected]", "type": "Primary"}]}