Vulnerabilites related to ibm - client_application_access
CVE-2016-0270 (GCVE-0-2016-0270)
Vulnerability from cvelistv5
Published
2017-02-08 16:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96062"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"name": "https://github.com/nonce-disrespect/nonce-disrespect",
"refsource": "MISC",
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"name": "https://support.citrix.com/article/CTX220329",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220329"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0270",
"datePublished": "2017-02-08T16:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1720 (GCVE-0-2017-1720)
Vulnerability from cvelistv5
Published
2018-02-13 20:00
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1720",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:20:55.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1410 (GCVE-0-2018-1410)
Vulnerability from cvelistv5
Published
2018-02-19 14:00
Modified
2024-09-16 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1410",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:23:55.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1411 (GCVE-0-2018-1411)
Vulnerability from cvelistv5
Published
2018-02-19 14:00
Modified
2024-09-17 01:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1411",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:51:25.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1711 (GCVE-0-2017-1711)
Vulnerability from cvelistv5
Published
2018-02-13 20:00
Modified
2024-09-17 04:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010775",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1711",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T04:29:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1714 (GCVE-0-2017-1714)
Vulnerability from cvelistv5
Published
2018-02-13 20:00
Modified
2024-09-17 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010777",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010776",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1714",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:56:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1409 (GCVE-0-2018-1409)
Vulnerability from cvelistv5
Published
2018-02-19 14:00
Modified
2024-09-16 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | IBM | Client Application Access |
Version: 1.0.0.1 Version: 1.0.1 Version: 1.0.1.2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1409",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:20:33.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-02-19 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138710 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138710 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138710."
}
],
"id": "CVE-2018-1411",
"lastModified": "2024-11-21T03:59:46.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.693",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 20:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010776 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010777 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134633 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010776 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010777 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134633 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
},
{
"lang": "es",
"value": "IBM Notes and Domino NSD 8.5 y 9.0 podr\u00edan permitir que un usuario local autenticado sin privilegios administrativos obtenga privilegios System. IBM X-Force ID: 134633."
}
],
"id": "CVE-2017-1714",
"lastModified": "2024-11-21T03:22:15.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-19 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138709."
}
],
"id": "CVE-2018-1410",
"lastModified": "2024-11-21T03:59:45.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.630",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-19 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138708."
}
],
"id": "CVE-2018-1409",
"lastModified": "2024-11-21T03:59:45.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.583",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 20:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134807 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134807 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
},
{
"lang": "es",
"value": "Las versiones 8.5 y 9.0 de IBM Notes podr\u00edan permitir que un atacante local ejecute comandos arbitrarios manipulando cuidadosamente una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida. IBM X-Force ID: 134807."
}
],
"id": "CVE-2017-1720",
"lastModified": "2024-11-21T03:22:15.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.387",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 20:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010774 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010775 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134532 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010774 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010775 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134532 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
},
{
"lang": "es",
"value": "Las versiones 8.5 y 9.0 de IBM iNotes SUService pueden manipularse para que ejecuten c\u00f3digo malicioso de un DLL disfrazado de DLL de windows en el directorio temp. IBM X-Force ID: 134532."
}
],
"id": "CVE-2017-1711",
"lastModified": "2024-11-21T03:22:15.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.263",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-08 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C10DAB-5579-4273-9B5E-58199A978DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAB1EE7-3835-4AD6-8F13-01C1CB62F98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "320A0EC3-D4DC-4CEC-B71A-47658A8C17AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
},
{
"lang": "es",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versi\u00f3n 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generaci\u00f3n aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticaci\u00f3n y suplantar datos aprovechando la reutilizaci\u00f3n de un nonce en una sesi\u00f3n y un \"ataque prohibido\". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilizaci\u00f3n de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix."
}
],
"id": "CVE-2016-0270",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-08T16:59:00.133",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1037795"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"source": "psirt@us.ibm.com",
"url": "https://support.citrix.com/article/CTX220329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.citrix.com/article/CTX220329"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}