| CVE-2010-4591 | Date: (C)2010-12-22 (M)2023-12-22 |
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 4.4 |
| Exploit Score: 3.4 |
| Impact Score: 6.4 |
| |
| CVSS V2 Metrics: |
| Access Vector: LOCAL |
| Access Complexity: MEDIUM |
| Authentication: NONE |
| Confidentiality: PARTIAL |
| Integrity: PARTIAL |
| Availability: PARTIAL |
| | |
