Security Alert (A18-11-06): Multiple Vulnerabilities in IBM Notes and Domino


 

Published on: 16 November 2018

  
  

Description:

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks which may allow remote attackers to exploit the vulnerable systems without authentication.

 

Affected Systems:

  • IBM Notes 9.0.1 to IBM Notes 9.0.1 Feature Pack 10
  • IBM Domino 9.0.1 through 9.0.1 Feature Pack 10
  • All 9.0.x releases of IBM Notes and Domino prior to those listed above

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, privilege escalation, denial of services, information disclosure or take control of affected system.

 

Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URLs:

  • JVM Patches for Notes and Domino 9.0.1.x
    http://www.ibm.com/support/docview.wss?uid=swg21657963

 

More Information:

https://www-01.ibm.com/support/docview.wss?uid=ibm10740269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3736

 



Tag: Domino , IBM , IBM Notes
Tags