Security Alert (A15-12-01): Multiple Vulnerabilities in IBM Notes and Domino


 

Published on: 02 December 2015

  
  

Description:

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (October 2015) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.


Affected Systems:

  • IBM Notes and Domino 9.0.1 through Notes 9.0.1 Fix Pack 4 Interim Fix 2 and Domino 9.0.1 Fixed Pack 4 Interim Fix 3
  • IBM Notes and Domino 8.5.3 through Notes 8.5.3 Fix Pack 6 Interim Fix 6 and Domino 8.5.3 Fixed Pack 6 Interim Fix 10
  • All 9.0 and 8.5.x releases of IBM Notes and Domino prior to those listed above

Impact:

Successful exploitation could lead to retrieval of sensitive information and system crash.


Recommendation:

The vendor has released fixes to address the issue and they can be downloaded at the following URL:

  • Java patch installer for Notes & Domino 9.0.1 Fix Pack 5
    http://www-01.ibm.com/support/docview.wss?uid=swg24037141

  • Java patch installer for Notes & Domino 8.5.3 Fix Pack 6 (plus Interim Fix)
    http://www-01.ibm.com/support/docview.wss?uid=swg21663874#JVM_tab


More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg21971361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842 (to CVE-2015-4844)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5006



Tag: IBM , IBM Notes , Domino
Tags