Vulnerability-Lookup - Search a vulnerability

CVE-2015-1902 (GCVE-0-2015-1902)

Vulnerability from cvelistv5

Published

2015-05-20 10:00

Modified

2024-08-06 04:54

Severity ?

CWE

n/a

Summary

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032376	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/74597	vdb-entry, x_refsource_BID
	http://www.zerodayinitiative.com/advisories/ZDI-15-193	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
          },
          {
            "name": "1032376",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032376"
          },
          {
            "name": "74597",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74597"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
        },
        {
          "name": "1032376",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032376"
        },
        {
          "name": "74597",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74597"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1902",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
            },
            {
              "name": "1032376",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032376"
            },
            {
              "name": "74597",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74597"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-193",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1902",
    "datePublished": "2015-05-20T10:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0304 (GCVE-0-2016-0304)

Vulnerability from cvelistv5

Published

2016-06-29 01:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

References

►

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=swg21983328

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-29T01:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0304",
    "datePublished": "2016-06-29T01:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2015 (GCVE-0-2015-2015)

Vulnerability from cvelistv5

Published

2015-08-23 01:00

Modified

2024-08-06 05:02

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.

References

►

URL

Tags

	http://www.securitytracker.com/id/1033271	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:43.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1033271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-2015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033271",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033271"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-2015",
    "datePublished": "2015-08-23T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:43.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6277 (GCVE-0-2012-6277)

Vulnerability from cvelistv5

Published

2020-02-21 16:50

Modified

2024-08-06 21:28

Severity ?

CWE

Other

Summary

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."

References

►

URL

Tags

	https://support.symantec.com/us/en/article.symsa1262.html	x_refsource_MISC
	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/849841/	x_refsource_MISC
	https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277	x_refsource_MISC
	https://www.tenable.com/plugins/nessus/67192	x_refsource_MISC
	https://tools.cisco.com/security/center/viewAlert.x?alertId=27482	x_refsource_MISC
	https://www.securityfocus.com/bid/56610	x_refsource_MISC
	https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Autonomy KeyView IDOL	Version: before 10.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.symantec.com/us/en/article.symsa1262.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/849841/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/plugins/nessus/67192"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/56610"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autonomy KeyView IDOL",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 10.16"
            }
          ]
        }
      ],
      "datePublic": "2012-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-21T16:50:17",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.symantec.com/us/en/article.symsa1262.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/849841/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/plugins/nessus/67192"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityfocus.com/bid/56610"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-6277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autonomy KeyView IDOL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 10.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.symantec.com/us/en/article.symsa1262.html",
              "refsource": "MISC",
              "url": "https://support.symantec.com/us/en/article.symsa1262.html"
            },
            {
              "name": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/",
              "refsource": "MISC",
              "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/849841/",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/849841/"
            },
            {
              "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277",
              "refsource": "MISC",
              "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
            },
            {
              "name": "https://www.tenable.com/plugins/nessus/67192",
              "refsource": "MISC",
              "url": "https://www.tenable.com/plugins/nessus/67192"
            },
            {
              "name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482",
              "refsource": "MISC",
              "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
            },
            {
              "name": "https://www.securityfocus.com/bid/56610",
              "refsource": "MISC",
              "url": "https://www.securityfocus.com/bid/56610"
            },
            {
              "name": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-6277",
    "datePublished": "2020-02-21T16:50:17",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6087 (GCVE-0-2016-6087)

Vulnerability from cvelistv5

Published

2017-06-07 17:00

Modified

2024-08-06 01:22

Severity ?

CWE

Obtain Information

Summary

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038606	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/98794	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22002808	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/117918	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Domino	Version: 9.0.1 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:19.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038606",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038606"
          },
          {
            "name": "98794",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22002808"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            }
          ]
        }
      ],
      "datePublic": "2017-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1038606",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038606"
        },
        {
          "name": "98794",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22002808"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6087",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038606",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038606"
            },
            {
              "name": "98794",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98794"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22002808",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22002808"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6087",
    "datePublished": "2017-06-07T17:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:19.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0135 (GCVE-0-2015-0135)

Vulnerability from cvelistv5

Published

2015-04-21 16:00

Modified

2024-08-06 04:03

Severity ?

CWE

n/a

Summary

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21701647	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032151	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:08.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647"
          },
          {
            "name": "1032151",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-30T14:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647"
        },
        {
          "name": "1032151",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032151"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647"
            },
            {
              "name": "1032151",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032151"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0135",
    "datePublished": "2015-04-21T16:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:08.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4994 (GCVE-0-2015-4994)

Vulnerability from cvelistv5

Published

2015-10-29 10:00

Modified

2024-08-06 06:32

Severity ?

CWE

n/a

Summary

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.

References

►

URL

Tags

	http://www.securitytracker.com/id/1033974	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033974",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033974"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1033974",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033974"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033974",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033974"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4994",
    "datePublished": "2015-10-29T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0270 (GCVE-0-2016-0270)

Vulnerability from cvelistv5

Published

2017-02-08 16:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

References

►

URL

Tags

	http://www.securityfocus.com/bid/96062	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg21979604	x_refsource_CONFIRM
	https://github.com/nonce-disrespect/nonce-disrespect	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg21979673	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX220329	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg21979669	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037795	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96062",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nonce-disrespect/nonce-disrespect"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX220329"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
          },
          {
            "name": "1037795",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037795"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "96062",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nonce-disrespect/nonce-disrespect"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX220329"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
        },
        {
          "name": "1037795",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037795"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96062",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
            },
            {
              "name": "https://github.com/nonce-disrespect/nonce-disrespect",
              "refsource": "MISC",
              "url": "https://github.com/nonce-disrespect/nonce-disrespect"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
            },
            {
              "name": "https://support.citrix.com/article/CTX220329",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX220329"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
            },
            {
              "name": "1037795",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037795"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0270",
    "datePublished": "2017-02-08T16:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0179 (GCVE-0-2015-0179)

Vulnerability from cvelistv5

Published

2015-04-06 00:00

Modified

2024-08-06 04:03

Severity ?

CWE

n/a

Summary

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032027	vdb-entry, x_refsource_SECTRACK
	https://www.exploit-db.com/exploits/42605/	exploit, x_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:09.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
          },
          {
            "name": "1032027",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032027"
          },
          {
            "name": "42605",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42605/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-06T09:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
        },
        {
          "name": "1032027",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032027"
        },
        {
          "name": "42605",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42605/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0179",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
            },
            {
              "name": "1032027",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032027"
            },
            {
              "name": "42605",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42605/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0179",
    "datePublished": "2015-04-06T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:09.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0134 (GCVE-0-2015-0134)

Vulnerability from cvelistv5

Published

2015-04-06 00:00

Modified

2024-08-06 04:03

Severity ?

CWE

n/a

Summary

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032027	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:09.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
          },
          {
            "name": "1032027",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032027"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-08T13:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
        },
        {
          "name": "1032027",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032027"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
            },
            {
              "name": "1032027",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032027"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0134",
    "datePublished": "2015-04-06T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:09.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1274 (GCVE-0-2017-1274)

Vulnerability from cvelistv5

Published

2017-04-25 18:00

Modified

2024-08-05 13:25

Severity ?

CWE

Gain Access

Summary

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22002280	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97910	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/bid/98019	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1038358	vdb-entry, x_refsource_SECTRACK
	https://www.kb.cert.org/vuls/id/676632	third-party-advisory, x_refsource_CERT-VN
	http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Domino	Version: 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7, 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22002280"
          },
          {
            "name": "97910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97910"
          },
          {
            "name": "98019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98019"
          },
          {
            "name": "1038358",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038358"
          },
          {
            "name": "VU#676632",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/676632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7, 9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-10T16:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22002280"
        },
        {
          "name": "97910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97910"
        },
        {
          "name": "98019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98019"
        },
        {
          "name": "1038358",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038358"
        },
        {
          "name": "VU#676632",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/676632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7, 9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22002280",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22002280"
            },
            {
              "name": "97910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97910"
            },
            {
              "name": "98019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98019"
            },
            {
              "name": "1038358",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038358"
            },
            {
              "name": "VU#676632",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/676632"
            },
            {
              "name": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1274",
    "datePublished": "2017-04-25T18:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:25:17.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5040 (GCVE-0-2015-5040)

Vulnerability from cvelistv5

Published

2015-10-29 10:00

Modified

2024-08-06 06:32

Severity ?

CWE

n/a

Summary

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.

References

►

URL

Tags

	http://www.securitytracker.com/id/1033974	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033974",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033974"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1033974",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033974"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033974",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033974"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5040",
    "datePublished": "2015-10-29T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0277 (GCVE-0-2016-0277)

Vulnerability from cvelistv5

Published

2016-06-26 14:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.

References

►

URL

Tags

	http://www.securitytracker.com/id/1036091	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036091",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-07-25T16:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1036091",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036091",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036091"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0277",
    "datePublished": "2016-06-26T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5880 (GCVE-0-2016-5880)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94606	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94606",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94606"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94606",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94606"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5880",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94606",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94606"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5880",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2014 (GCVE-0-2015-2014)

Vulnerability from cvelistv5

Published

2015-08-23 01:00

Modified

2024-08-06 05:02

Severity ?

CWE

n/a

Summary

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.

References

►

URL

Tags

	http://www.securitytracker.com/id/1033271	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:42.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1033271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-2014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033271",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033271"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-2014",
    "datePublished": "2015-08-23T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:42.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5884 (GCVE-0-2016-5884)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94602	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7	Version: IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94602"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94602"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94602",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94602"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5884",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5882 (GCVE-0-2016-5882)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94604	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94604"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94604"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5882",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94604"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5882",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0278 (GCVE-0-2016-0278)

Vulnerability from cvelistv5

Published

2016-06-26 14:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.

References

►

URL

Tags

	http://www.securitytracker.com/id/1036091	vdb-entry, x_refsource_SECTRACK
	http://www.talosintelligence.com/reports/TALOS-2016-0090/	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036091",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036091"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0090/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T14:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1036091",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036091"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0090/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036091",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036091"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0090/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0090/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0278",
    "datePublished": "2016-06-26T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6113 (GCVE-0-2016-6113)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:22

Severity ?

CWE

Cross-Site Scripting

Summary

IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94603	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94603",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94603"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94603",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94603"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94603",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94603"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6113",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2939 (GCVE-0-2016-2939)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-05 23:40

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94605	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94605",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94605"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94605",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94605"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94605",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94605"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2939",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0117 (GCVE-0-2015-0117)

Vulnerability from cvelistv5

Published

2015-04-06 00:00

Modified

2024-08-06 03:55

Severity ?

CWE

n/a

Summary

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032027	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:27.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
          },
          {
            "name": "1032027",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032027"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-08T13:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
        },
        {
          "name": "1032027",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032027"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
            },
            {
              "name": "1032027",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032027"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0117",
    "datePublished": "2015-04-06T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:27.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1981 (GCVE-0-2015-1981)

Vulnerability from cvelistv5

Published

2015-06-28 14:00

Modified

2024-08-06 05:02

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21959908	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/74908	vdb-entry, x_refsource_BID
	http://seclists.org/fulldisclosure/2015/Jun/56	mailing-list, x_refsource_FULLDISC
	http://www.securitytracker.com/id/1032673	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:42.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908"
          },
          {
            "name": "74908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74908"
          },
          {
            "name": "20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Jun/56"
          },
          {
            "name": "1032673",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032673"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908"
        },
        {
          "name": "74908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74908"
        },
        {
          "name": "20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Jun/56"
        },
        {
          "name": "1032673",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032673"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908"
            },
            {
              "name": "74908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74908"
            },
            {
              "name": "20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Jun/56"
            },
            {
              "name": "1032673",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032673"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1981",
    "datePublished": "2015-06-28T14:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:42.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1771 (GCVE-0-2018-1771)

Vulnerability from cvelistv5

Published

2018-12-20 14:00

Modified

2024-09-17 03:02

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Gain Privileges

Summary

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/148687	vdb-entry, x_refsource_XF
	https://www.ibm.com/support/docview.wss?uid=ibm10743405	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Domino	Version: 9.0.1 Version: 9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-notes-cve20181771-priv-escalation(148687)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0"
            }
          ]
        }
      ],
      "datePublic": "2018-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-20T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-notes-cve20181771-priv-escalation(148687)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-18T00:00:00",
          "ID": "CVE-2018-1771",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-notes-cve20181771-priv-escalation(148687)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10743405",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1771",
    "datePublished": "2018-12-20T14:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:02:20.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1903 (GCVE-0-2015-1903)

Vulnerability from cvelistv5

Published

2015-05-20 10:00

Modified

2024-08-06 04:54

Severity ?

CWE

n/a

Summary

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	x_refsource_CONFIRM
	http://www.zerodayinitiative.com/advisories/ZDI-15-194	x_refsource_MISC
	http://www.securityfocus.com/bid/74598	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1032376	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-194"
          },
          {
            "name": "74598",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74598"
          },
          {
            "name": "1032376",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032376"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-194"
        },
        {
          "name": "74598",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74598"
        },
        {
          "name": "1032376",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032376"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-194",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-194"
            },
            {
              "name": "74598",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74598"
            },
            {
              "name": "1032376",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032376"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1903",
    "datePublished": "2015-05-20T10:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2938 (GCVE-0-2016-2938)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-05 23:40

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/94600	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7	Version: IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "name": "94600",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "name": "94600",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "94600",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94600"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2938",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0301 (GCVE-0-2016-0301)

Vulnerability from cvelistv5

Published

2016-06-26 14:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.

References

►

URL

Tags

	http://www.securitytracker.com/id/1036091	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036091",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-07-25T16:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1036091",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036091",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036091"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0301",
    "datePublished": "2016-06-26T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0279 (GCVE-0-2016-0279)

Vulnerability from cvelistv5

Published

2016-06-26 14:00

Modified

2024-08-05 22:15

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.

References

►

URL

Tags

	http://www.securitytracker.com/id/1036091	vdb-entry, x_refsource_SECTRACK
	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036091",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-07-25T16:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1036091",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0279",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036091",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036091"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0279",
    "datePublished": "2016-06-26T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94604	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94604	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5882",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.940",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94604"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-29 11:59

Modified

2025-04-12 10:46

Severity ?

Summary

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1033974
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033974

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.0.1
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7798E7E-8743-4245-90AF-9D9BA9DD33BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en IBM Domino 8.5.1 hasta la versi\u00f3n 8.5.3 en versiones anteriores a 8.5.3 FP6 IF10 y 9.x en versiones anteriores a 9.0.1 FP4 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de demonio SMTP) a trav\u00e9s de una imagen GIF manipulada, tambi\u00e9n conocida como SPRs KLYH9ZDKRE y KLYH9ZTLEZ, una vulnerabilidad diferente a CVE-2015-4994."
    }
  ],
  "id": "CVE-2015-5040",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-29T11:59:07.617",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1033974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033974"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94603	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94603	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Verse es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6113",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:02.427",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94603"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94600	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94600	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-2938",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94600"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-06-26 14:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1036091
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036091

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro KeyView PDF en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, una vulnerabilidad diferente a CVE-2016-0277, CVE-2016-0278 y CVE-2016-0279."
    }
  ],
  "id": "CVE-2016-0301",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-26T14:59:05.717",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036091"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-06-26 14:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1036091
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036091

Impacted products

Vendor	Product	Version
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	8.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro KeyView PDF en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, una vulnerabilidad diferente a CVE-2016-0278, CVE-2016-0279 y CVE-2016-0301."
    }
  ],
  "id": "CVE-2016-0277",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-26T14:59:02.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036091"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-25 18:59

Modified

2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

References

URL	Tags
psirt@us.ibm.com	http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22002280	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/97910
psirt@us.ibm.com	http://www.securityfocus.com/bid/98019	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1038358
psirt@us.ibm.com	https://www.kb.cert.org/vuls/id/676632
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22002280	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97910
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98019	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038358
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/676632

Impacted products

Vendor	Product	Version
ibm	domino	8.5.3
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1
ibm	domino	9.0.1.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9196D34D-14FF-4E78-B9EE-36B59D133A98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749."
    },
    {
      "lang": "es",
      "value": "IBM Domino versiones 8.5.3 y 9.0 es vulnerable a desbordamiento basado en pila en el servicio IMAP lo que podr\u00eda permitir a un atacante autenticado ejecutar c\u00f3digo arbitrario especificando un nombre largo de buz\u00f3n. IBM X-Force ID: 124749."
    }
  ],
  "id": "CVE-2017-1274",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-25T18:59:00.197",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002280"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/97910"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98019"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038358"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://www.kb.cert.org/vuls/id/676632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/97910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/676632"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-06 00:59

Modified

2025-04-12 10:46

Severity ?

Summary

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://www.exploit-db.com/exploits/42605/
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42605/

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V."
    },
    {
      "lang": "es",
      "value": "Notes System Diagnostic (NSD) en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a usuarios locales obtener el privilegio System a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR TCHL9SST8V."
    }
  ],
  "id": "CVE-2015-0179",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-06T00:59:04.360",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://www.exploit-db.com/exploits/42605/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/42605/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94602	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94602	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5884",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.973",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94602"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-06-26 14:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1036091
psirt@us.ibm.com	http://www.talosintelligence.com/reports/TALOS-2016-0090/
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036091
af854a3a-2127-422b-91ae-364da2661108	http://www.talosintelligence.com/reports/TALOS-2016-0090/

Impacted products

Vendor	Product	Version
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.0
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro KeyView PDF en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, una vulnerabilidad diferente a CVE-2016-0277, CVE-2016-0279 y CVE-2016-0301."
    }
  ],
  "id": "CVE-2016-0278",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-26T14:59:03.437",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0090/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0090/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-06-26 14:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1036091
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21983292	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036091

Impacted products

Vendor	Product	Version
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.0
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro KeyView PDF en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, una vulnerabilidad diferente a CVE-2016-0277, CVE-2016-0278 y CVE-2016-0301."
    }
  ],
  "id": "CVE-2016-0279",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-26T14:59:04.437",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036091"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-06 00:59

Modified

2025-04-12 10:46

Severity ?

Summary

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la implementaci\u00f3n SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0134",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-06T00:59:03.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94605	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94605	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-2939",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.363",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94605"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-05-20 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/74598	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1032376	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.zerodayinitiative.com/advisories/ZDI-15-194	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74598	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032376	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-15-194	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en pila en IBM Domino 8.5 anterior a 8.5.3 FP6 IF7 y 9.0 anterior a 9.0.1 FP3 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada, tambi\u00e9n conocido como SPR KLYH9TSN3Y."
    }
  ],
  "id": "CVE-2015-1903",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-20T10:59:19.073",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74598"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032376"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-194"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-06-28 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.

References

URL	Tags
psirt@us.ibm.com	http://seclists.org/fulldisclosure/2015/Jun/56	Mailing List, Third Party Advisory
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21959908	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/74908	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1032673	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Jun/56	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21959908	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74908	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032673	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el servidor web en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF8 y 9.x anterior a 9.0.1 FP4, cuando Webmail est\u00e1 deshabilitado, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como SPR KLYH9WYPR5."
    }
  ],
  "id": "CVE-2015-1981",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-28T14:59:02.827",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jun/56"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74908"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jun/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032673"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-06-29 01:59

Modified

2025-04-12 10:46

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

References

▶	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21983328	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21983328	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	domino	8.5.3
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	8.5.2
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.1
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.0
ibm	domino	9.0.1
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920."
    },
    {
      "lang": "es",
      "value": "La Consola de Java en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6, cuando se utiliza una cierta configuraci\u00f3n no compatible que involucra nombres de ruta compartidos UNC, permite a atacantes remotos eludir autenticaci\u00f3n y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como SPR KLYHA7MM3J. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2011-0920."
    }
  ],
  "id": "CVE-2016-0304",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-29T01:59:06.840",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983328"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-29 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1033974
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21969050	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033974

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en IBM Domino 8.5.1 hasta la versi\u00f3n 8.5.3 en versiones anteriores a 8.5.3 FP6 IF10 y 9.x en versiones anteriores a 9.0.1 FP4 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de demonio SMTP) a trav\u00e9s de una imagen GIF manipulada, tambi\u00e9n conocida como SPRs KLYH9ZDKRE y KLYH9ZTLEZ, una vulnerabilidad diferente a CVE-2015-5040."
    }
  ],
  "id": "CVE-2015-4994",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-29T10:59:43.887",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1033974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033974"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-06 00:59

Modified

2025-04-12 10:46

Severity ?

Summary

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032027	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM."
    },
    {
      "lang": "es",
      "value": "El servidor LDAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR KLYH9SLRGM."
    }
  ],
  "id": "CVE-2015-0117",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-06T00:59:01.207",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032027"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-21 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21701647	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1032151
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21701647	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032151

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9."
    },
    {
      "lang": "es",
      "value": "IBM Domino 8.5 anterior a 8.5.3 FP6 IF4 y 9.0 anterior a 9.0.1 FP3 IF2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (truncaci\u00f3n de enteros y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen GIF manipulada, tambi\u00e9n conocido como SPR KLYH9T7NT9."
    }
  ],
  "id": "CVE-2015-0135",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-21T16:59:01.233",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1032151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032151"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-02-21 17:15

Modified

2024-11-21 01:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."

References

URL	Tags
cret@cert.org	https://support.symantec.com/us/en/article.symsa1262.html	Vendor Advisory
cret@cert.org	https://tools.cisco.com/security/center/viewAlert.x?alertId=27482	Third Party Advisory
cret@cert.org	https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277	Third Party Advisory
cret@cert.org	https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities	Third Party Advisory, US Government Resource
cret@cert.org	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/	Vendor Advisory
cret@cert.org	https://www.kb.cert.org/vuls/id/849841/	Third Party Advisory, US Government Resource
cret@cert.org	https://www.securityfocus.com/bid/56610	Third Party Advisory, VDB Entry
cret@cert.org	https://www.tenable.com/plugins/nessus/67192	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.symantec.com/us/en/article.symsa1262.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/viewAlert.x?alertId=27482	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/849841/	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/56610	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/plugins/nessus/67192	Third Party Advisory

Impacted products

Vendor	Product	Version
ibm	domino	*
ibm	notes	*
symantec	data_loss_prevention_endpoint	*
symantec	data_loss_prevention_enforce\/detection_servers	*
symantec	data_loss_prevention_enforce\/detection_servers	*
symantec	mail_security	*
symantec	mail_security	*
symantec	mail_security	6.5.7
symantec	messaging_gateway	*
hp	autonomy_keyview_idol	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE05C15-E8B6-440F-BFB5-4A1CA7D3B382",
              "versionEndIncluding": "8.5.3.6",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8FF0B4-21A9-414D-938A-B27D6EF8350E",
              "versionEndIncluding": "8.5.3",
              "versionStartIncluding": "8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B17C35B-5DF5-42CF-B97E-FB2D24747603",
              "versionEndExcluding": "11.6.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_enforce\\/detection_servers:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "32914759-628E-4F6E-8ADA-291F4F80FF62",
              "versionEndExcluding": "11.6.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_enforce\\/detection_servers:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "056E5F20-0573-45E8-80A2-F1B5516500EF",
              "versionEndExcluding": "11.6.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:*:*:*:*:*:microsoft_exchange:*:*",
              "matchCriteriaId": "05E1DA05-2A64-4B66-9C3A-42407BAE35F4",
              "versionEndIncluding": "6.5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:*:*:*:*:*:domino:*:*",
              "matchCriteriaId": "741E89BC-A1F6-4385-B5FC-8541E9C71BB8",
              "versionEndIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:6.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40695CA-A51A-4383-9E99-5FBC1AD8F6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A7C81B-DA0B-4A32-98ED-9D3A26CB3A49",
              "versionEndExcluding": "10.0.1",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:autonomy_keyview_idol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D21A9CB-B944-4087-A20F-5DBDDB43E6D1",
              "versionEndExcluding": "10.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Autonomy KeyView IDOL versiones anteriores a 10.16, como es usado en Symantec Mail Security para Microsoft Exchange versiones anteriores a 6.5.8, Symantec Mail Security para Domino versiones anteriores a 8.1.1, Symantec Messaging Gateway versiones anteriores a 10.0.1, Symantec Data Loss Prevention (DLP) versiones anteriores a 11.6.1, IBM Notes versiones 8.5.x, IBM Lotus Domino versiones 8.5.x anteriores a 8.5.3 FP4, y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un archivo dise\u00f1ado, relacionado con \"una serie de problemas subyacentes\" en los que \"algunos de estos casos demostraron corrupci\u00f3n de la memoria con una entrada controlada por el atacante y podr\u00edan ser explotados para ejecutar c\u00f3digo arbitrario\"."
    }
  ],
  "id": "CVE-2012-6277",
  "lastModified": "2024-11-21T01:45:58.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-21T17:15:10.883",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.symantec.com/us/en/article.symsa1262.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/849841/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/56610"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/plugins/nessus/67192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.symantec.com/us/en/article.symsa1262.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/849841/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/56610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/plugins/nessus/67192"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94606	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94606	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5880",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.893",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94606"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-12-20 14:29

Modified

2024-11-21 04:00

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/148687	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10743405	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/148687	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10743405	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	domino	*
ibm	domino	9.0.0.0
ibm	domino	9.0.0.0
ibm	domino	9.0.0.0
ibm	domino	9.0.0.0
ibm	domino	9.0.1.10
ibm	domino	9.0.1.10
ibm	domino	9.0.1.10
ibm	domino	9.0.1.10
ibm	notes	*
ibm	notes	9.0.0.0
ibm	notes	9.0.0.0
ibm	notes	9.0.0.0
ibm	notes	9.0.0.0
ibm	notes	9.0.1.10
ibm	notes	9.0.1.10
ibm	notes	9.0.1.10
ibm	notes	9.0.1.10
ibm	notes	9.0.1.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ABCCAF-0BAF-43D0-9CC9-07208DAF824F",
              "versionEndIncluding": "9.0.1.10",
              "versionStartIncluding": "9.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:if1:*:*:*:*:*:*",
              "matchCriteriaId": "95B0C353-47E1-422D-B91B-4B764D248292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:if2:*:*:*:*:*:*",
              "matchCriteriaId": "D3950AE9-589C-46F7-8A3E-EB15D8E9227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:if3:*:*:*:*:*:*",
              "matchCriteriaId": "404E56E1-230C-4A8A-A688-5E06BC8E7E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:if4:*:*:*:*:*:*",
              "matchCriteriaId": "5701F2D9-F0D0-4294-96FA-EF953E11D41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.10:if1:*:*:*:*:*:*",
              "matchCriteriaId": "6D46F74B-B11C-4896-9643-854DA5038BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.10:if2:*:*:*:*:*:*",
              "matchCriteriaId": "3D133CFA-9EC2-4B32-A956-6146857CD032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.10:if3:*:*:*:*:*:*",
              "matchCriteriaId": "8DD76DBD-5EFA-4880-B872-165548A9B0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.10:if4:*:*:*:*:*:*",
              "matchCriteriaId": "E61C8493-3F84-4B90-8D11-29E690960D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "863D67C1-FC55-4E89-83AF-9BEE3B990CBE",
              "versionEndIncluding": "9.0.1.10",
              "versionStartIncluding": "9.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:if1:*:*:*:*:*:*",
              "matchCriteriaId": "853E12FE-40EB-40ED-9245-7CBD05D9BEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:if2:*:*:*:*:*:*",
              "matchCriteriaId": "EBC3B7DB-578E-4C0E-9598-03D791094AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:if3:*:*:*:*:*:*",
              "matchCriteriaId": "E9CF936F-00EF-4DD7-B80B-47D64866AE88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:if4:*:*:*:*:*:*",
              "matchCriteriaId": "FD2E5893-C2FA-4191-B861-39E60BB60979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.10:if1:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3FE1F-B09F-4B65-855A-41E8BF522E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.10:if2:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9DABC-51B3-459C-924C-167AC1D572DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.10:if3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC028B6-D9A6-4CB8-A074-7A36694E3356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.10:if4:*:*:*:*:*:*",
              "matchCriteriaId": "8C7450F2-09D0-466E-8F18-F213CCFD5081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.10:if5:*:*:*:*:*:*",
              "matchCriteriaId": "D568103C-FFF1-4D2F-8C22-3D3AA39DD533",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687."
    },
    {
      "lang": "es",
      "value": "IBM Domino 9.0 y 9.0.1 podr\u00eda permitir que un atacante ejecute comandos en el sistema desencadenando un desbordamiento de b\u00fafer en el an\u00e1lisis de los argumentos de la l\u00ednea de comandos que se pasan a nsd.exe. IBM X-Force ID: 148687."
    }
  ],
  "id": "CVE-2018-1771",
  "lastModified": "2024-11-21T04:00:20.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-20T14:29:00.387",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-08-23 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1033271
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033271

Impacted products

	Vendor	Product	Version
	ibm	domino	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0165B92D-FDDB-4C2F-829C-92B6A9C6EAC5",
              "versionEndIncluding": "8.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en pubnames.ntf (tambi\u00e9n conocido como Directory template) en el servidor web en IBM Domino en versiones anteriores a 9.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s de URL manipulada, tambi\u00e9n conocido como SPR KLYH8WBPRN."
    }
  ],
  "id": "CVE-2015-2015",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-08-23T01:59:01.567",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1033271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033271"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-08-23 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1033271
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21963016	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033271

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redireccionamiento abierto en el servidor web en IBM Domino en 8.5 en versiones anteriores a 8.5.3 FP6 IF9 y en 9.0 en versiones anteriores a 9.0.1 FP4, permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing o cross-site scripting (XSS) a trav\u00e9s de URL manipuladas, tambi\u00e9n conocida como SPR SJAR9DNGDA."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
  "id": "CVE-2015-2014",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-08-23T01:59:00.097",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1033271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033271"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-08 16:59

Modified

2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21979604	Mitigation, Patch, Vendor Advisory
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21979669	Mitigation, Patch, Vendor Advisory
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21979673	Mitigation, Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/96062	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037795
psirt@us.ibm.com	https://github.com/nonce-disrespect/nonce-disrespect	Third Party Advisory
psirt@us.ibm.com	https://support.citrix.com/article/CTX220329
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21979604	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21979669	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21979673	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96062	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037795
af854a3a-2127-422b-91ae-364da2661108	https://github.com/nonce-disrespect/nonce-disrespect	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX220329

Impacted products

Vendor	Product	Version
ibm	client_application_access	1.0.0.1
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	notes	9.0.1.3
ibm	notes	9.0.1.4
ibm	notes	9.0.1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C10DAB-5579-4273-9B5E-58199A978DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFAB1EE7-3835-4AD6-8F13-01C1CB62F98D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:notes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "320A0EC3-D4DC-4CEC-B71A-47658A8C17AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
    },
    {
      "lang": "es",
      "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versi\u00f3n 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generaci\u00f3n aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticaci\u00f3n y suplantar datos aprovechando la reutilizaci\u00f3n de un nonce en una sesi\u00f3n y un \"ataque prohibido\". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilizaci\u00f3n de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix."
    }
  ],
  "id": "CVE-2016-0270",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-08T16:59:00.133",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96062"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037795"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nonce-disrespect/nonce-disrespect"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://support.citrix.com/article/CTX220329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nonce-disrespect/nonce-disrespect"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.citrix.com/article/CTX220329"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-05-20 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/74597	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1032376	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.zerodayinitiative.com/advisories/ZDI-15-193	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21883245	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74597	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032376	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-15-193	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	domino	8.5.0
ibm	domino	8.5.1
ibm	domino	8.5.2
ibm	domino	8.5.3
ibm	domino	9.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en pila en IBM Domino 8.5 anterior a 8.5.3 FP6 IF7 y 9.0 anterior a 9.0.1 FP3 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada, tambi\u00e9n conocido como SPR KLYH9TSMLA."
    }
  ],
  "id": "CVE-2015-1902",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-20T10:59:18.120",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74597"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032376"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-06-07 17:29

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22002808	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/98794	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1038606	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/117918	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22002808	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98794	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038606	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/117918	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	domino	9.0.1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98918EE-C145-4C44-914F-A1C79877540D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918."
    },
    {
      "lang": "es",
      "value": "IBM Domino versiones 8.5 y 9.0 podr\u00eda permitir a un atacante robar credenciales utilizando varias sesiones y grandes cantidades de datos mediante la validaci\u00f3n de Domino TLS Key Exchange. IBM X-Force ID: 117918."
    }
  ],
  "id": "CVE-2016-6087",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-07T17:29:00.537",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002808"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98794"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038606"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117918"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to IBM - Domino

CVE-2015-1902 (GCVE-0-2015-1902)

Vulnerability from cvelistv5

CVE-2016-0304 (GCVE-0-2016-0304)

Vulnerability from cvelistv5

CVE-2015-2015 (GCVE-0-2015-2015)

Vulnerability from cvelistv5

CVE-2012-6277 (GCVE-0-2012-6277)

Vulnerability from cvelistv5

CVE-2016-6087 (GCVE-0-2016-6087)

Vulnerability from cvelistv5

CVE-2015-0135 (GCVE-0-2015-0135)

Vulnerability from cvelistv5

CVE-2015-4994 (GCVE-0-2015-4994)

Vulnerability from cvelistv5

CVE-2016-0270 (GCVE-0-2016-0270)

Vulnerability from cvelistv5

CVE-2015-0179 (GCVE-0-2015-0179)

Vulnerability from cvelistv5

CVE-2015-0134 (GCVE-0-2015-0134)

Vulnerability from cvelistv5

CVE-2017-1274 (GCVE-0-2017-1274)

Vulnerability from cvelistv5

CVE-2015-5040 (GCVE-0-2015-5040)

Vulnerability from cvelistv5

CVE-2016-0277 (GCVE-0-2016-0277)

Vulnerability from cvelistv5

CVE-2016-5880 (GCVE-0-2016-5880)

Vulnerability from cvelistv5

CVE-2015-2014 (GCVE-0-2015-2014)

Vulnerability from cvelistv5

CVE-2016-5884 (GCVE-0-2016-5884)

Vulnerability from cvelistv5

CVE-2016-5882 (GCVE-0-2016-5882)

Vulnerability from cvelistv5

CVE-2016-0278 (GCVE-0-2016-0278)

Vulnerability from cvelistv5

CVE-2016-6113 (GCVE-0-2016-6113)

Vulnerability from cvelistv5

CVE-2016-2939 (GCVE-0-2016-2939)

Vulnerability from cvelistv5

CVE-2015-0117 (GCVE-0-2015-0117)

Vulnerability from cvelistv5

CVE-2015-1981 (GCVE-0-2015-1981)

Vulnerability from cvelistv5

CVE-2018-1771 (GCVE-0-2018-1771)

Vulnerability from cvelistv5

CVE-2015-1903 (GCVE-0-2015-1903)

Vulnerability from cvelistv5

CVE-2016-2938 (GCVE-0-2016-2938)

Vulnerability from cvelistv5

CVE-2016-0301 (GCVE-0-2016-0301)

Vulnerability from cvelistv5

CVE-2016-0279 (GCVE-0-2016-0279)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd