CVE DATABASE / CVE-2004-0480
CVE-2004-0480
CVSS 10 · HIGH
Summary
Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
CVSS 2.0 breakdown
| Base score | 10 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
Ibm lotus notes
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=108843896506099&w=2
- http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510
- http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities
- http://www.securityfocus.com/bid/10600
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16496
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.