Security Alert (A18-03-01): Multiple Vulnerabilities in IBM Notes


 

Published on: 09 March 2018

  
  

Description:

Multiple vulnerabilities are found in IBM Notes and its System Diagnostics service. To exploit the vulnerability in the IBM Notes, a remote attacker could entice a target user to open a malicious file in an attacker-controlled directory. For the System Diagnostics service, a local attacker could deliberately modify a file saved on the target computer to exploit the vulnerability.

 

Affected Systems:

  • IBM Notes 9.0.1 to IBM Notes 9.0.1 Fix Pack 10 Interim Fix 1
  • IBM Notes 9.0 to IBM Notes 9.0 Interim Fix 4
  • IBM Notes 8.5.3 to IBM Notes 8.5.3 Fix Pack 6 Interim Fix 15
  • IBM Notes 8.5.2 to IBM Notes 8.5.2 Fix Pack 4 Interim Fix 3
  • IBM Notes 8.5.1 to IBM Notes 8.5.1 Fix Pack 5 Interim Fix 3
  • IBM Notes 8.5 release

 

Impact:

Depending on the vulnerabilities exploited, successful exploitation of the vulnerabilities could lead to arbitrary code execution, privilege escalation and denial of service.

 

Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URLs:

  • IBM Notes Standard 9.0.1 Fix Pack 10 Interim Fix 2
    http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FLotus%2FLotus+Notes&fixids=Notes_901FP10IF2_W32_Standard&source=SAR

  • IBM Notes Basic 9.0.1 Fix Pack 10 Interim Fix 2
    http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FLotus%2FLotus+Notes&fixids=Notes_901FP10IF2_W32_Basic&source=SAR

 

More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg22014198
http://www-01.ibm.com/support/docview.wss?uid=swg22014201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1437

 



Tag: IBM , IBM Notes
Tags