Published on: 10 June 2015
Multiple vulnerabilities have been found in IBM Lotus Notes and Domino. The bundled Java virtual machine (JVM) is affected by vulnerabilities listed in the Oracle Critical Patch Update Advisories (April 2015), which could be exploited remotely without authentication.
A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted file or visit a malicious website.
Successful exploitation could lead to arbitrary code execution, retrieval of sensitive information and a system crash.
The vendor has released fixes to address the issues, which can be downloaded at the following URL:
http://www-01.ibm.com/support/docview.wss?uid=swg21903541
https://www.hkcert.org/my_url/en/alert/15061010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808