Security Alert (A17-10-01): Multiple Vulnerabilities in IBM Notes and Domino


 

Published on: 04 October 2017

  
  

Description:

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (July 2017) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.

 

Affected Systems:

  • IBM Notes 9.0.1 to IBM Notes 9.0.1 Fix Pack 9
  • IBM Notes 8.5.3 to IBM Notes 8.5.3 Fix Pack 6 Interim Fix 15
  • IBM Domino 9.0.1 through 9.0.1 Feature Pack 9 Interim Fix 1
  • IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 18
  • All 9.0.x, 9.0, 8.5.x and 8.5 releases of IBM Notes and Domino prior to those listed above

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, privilege escalation, denial of services, information disclosure or take control of affected system.

 

Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URLs:

  • JVM Patches for Notes and Domino 9.0.1.x
    http://www.ibm.com/support/docview.wss?uid=swg21657963

  • JVM Patches for Notes and Domino 8.5.3 Fix Pack 6
    http://www-01.ibm.com/support/docview.wss?uid=swg21663874

 

More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg22009232
http://www-01.ibm.com/support/docview.wss?uid=swg22009253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10107 (to CVE-2017-10111)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10243

 



Tag: IBM , IBM Notes , Domino
Tags