IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
2010-12-16T20:00:16.740
2025-04-11T00:51:21.963
Deferred
CVSSv2: 3.5 (LOW)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | lotus_notes_traveler | ≤ 8.5.1.2 | Yes |
| Application | ibm | lotus_notes_traveler | 8.0 | Yes |
| Application | ibm | lotus_notes_traveler | 8.0.1 | Yes |
| Application | ibm | lotus_notes_traveler | 8.0.1.2 | Yes |
| Application | ibm | lotus_notes_traveler | 8.0.1.3 | Yes |
| Application | ibm | lotus_notes_traveler | 8.5.0.0 | Yes |
| Application | ibm | lotus_notes_traveler | 8.5.0.1 | Yes |
| Application | ibm | lotus_notes_traveler | 8.5.0.2 | Yes |
| Application | ibm | lotus_notes_traveler | 8.5.1.1 | Yes |