Vulnerability-Lookup - Search a vulnerability

CVE-2017-1327 (GCVE-0-2017-1327)

Vulnerability from cvelistv5

Published

2017-08-03 15:00

Modified

2024-09-16 22:16

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22003664	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/126062	x_refsource_MISC
	http://www.securityfocus.com/bid/100139	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 8.5.2.1 Version: 8.5.3.1 Version: 9.0.1.1 Version: 8.5.1.1 Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062"
          },
          {
            "name": "100139",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            },
            {
              "status": "affected",
              "version": "8.5.3.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062"
        },
        {
          "name": "100139",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-01T00:00:00",
          "ID": "CVE-2017-1327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "8.5.2.1"
                          },
                          {
                            "version_value": "8.5.3.1"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003664",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062"
            },
            {
              "name": "100139",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1327",
    "datePublished": "2017-08-03T15:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:16:08.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0592 (GCVE-0-2013-0592)

Vulnerability from cvelistv5

Published

2018-07-11 16:00

Modified

2024-08-06 14:33

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.

References

►

URL

Tags

	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/83815	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
          },
          {
            "name": "ibm-inotes-cve20130592-xss(83815)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
        },
        {
          "name": "ibm-inotes-cve20130592-xss(83815)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-0592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
            },
            {
              "name": "ibm-inotes-cve20130592-xss(83815)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-0592",
    "datePublished": "2018-07-11T16:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T14:33:05.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0594 (GCVE-0-2013-0594)

Vulnerability from cvelistv5

Published

2018-07-11 16:00

Modified

2024-08-06 14:33

Severity ?

CWE

n/a

Summary

Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

References

►

URL

Tags

	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/83383	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
          },
          {
            "name": "ibm-inotes-cve20130594-open-redirect(83383)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
        },
        {
          "name": "ibm-inotes-cve20130594-open-redirect(83383)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-0594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
            },
            {
              "name": "ibm-inotes-cve20130594-open-redirect(83383)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-0594",
    "datePublished": "2018-07-11T16:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T14:33:05.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5880 (GCVE-0-2016-5880)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94606	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94606",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94606"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94606",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94606"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5880",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94606",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94606"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5880",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1129 (GCVE-0-2017-1129)

Vulnerability from cvelistv5

Published

2017-09-05 21:00

Modified

2024-09-16 16:38

Severity ?

CWE

Denial of Service

Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

References

►

URL

Tags

	https://www.exploit-db.com/exploits/42602/	exploit, x_refsource_EXPLOIT-DB
	http://www.ibm.com/support/docview.wss?uid=swg21999385	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/121370	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22002103	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

IBM

Lotus Expeditor

Version: 6.2.1
Version: 6.2.2
Version: 6.2.3

IBM

Notes

Version: 8.5.3.6
Version: 8.5.1.5
Version: 8.5.2.4
Version: 9.0
Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42602",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42602/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21999385"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22002103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lotus Expeditor",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.2"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            }
          ]
        },
        {
          "product": "Notes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-06T09:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "42602",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42602/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21999385"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22002103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-31T00:00:00",
          "ID": "CVE-2017-1129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Lotus Expeditor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "6.2.2"
                          },
                          {
                            "version_value": "6.2.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Notes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42602",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42602/"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21999385",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21999385"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22002103",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22002103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1129",
    "datePublished": "2017-09-05T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:38:43.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1659 (GCVE-0-2017-1659)

Vulnerability from cvelistv5

Published

2020-07-01 13:45

Modified

2024-08-05 13:39

Severity ?

CWE

"Cross-Site Scripting (XSS)"

Summary

"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."

References

►

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080512

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	"HCL iNotes"	Version: "Releases previous to version 9.0.1 FP10 are impacted by this vulnerability. Versions 10 and above are not impacted."

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL iNotes\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"Releases previous to version 9.0.1 FP10 are impacted by this vulnerability.  Versions 10 and above are not impacted.\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Cross-Site Scripting (XSS)\"  ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-01T13:45:17",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2017-1659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL iNotes\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"Releases previous to version 9.0.1 FP10 are impacted by this vulnerability.  Versions 10 and above are not impacted.\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Cross-Site Scripting (XSS)\"  "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2017-1659",
    "datePublished": "2020-07-01T13:45:17",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:39:31.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9990 (GCVE-0-2016-9990)

Vulnerability from cvelistv5

Published

2017-03-31 18:00

Modified

2024-08-06 03:07

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038145	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21998824	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97151	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM Corporation	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.0.2 Version: 8.5.3.6 Version: 9.0.1 Version: 8.58.5.3 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038145",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21998824"
          },
          {
            "name": "97151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.58.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1038145",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21998824"
        },
        {
          "name": "97151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97151"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.58.5.3"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038145",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038145"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21998824",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998824"
            },
            {
              "name": "97151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97151"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9990",
    "datePublished": "2017-03-31T18:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5884 (GCVE-0-2016-5884)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94602	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7	Version: IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94602"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94602"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94602",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94602"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5884",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5882 (GCVE-0-2016-5882)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94604	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94604"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94604"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5882",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94604"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5882",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6113 (GCVE-0-2016-6113)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-06 01:22

Severity ?

CWE

Cross-Site Scripting

Summary

IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94603	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94603",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94603"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94603",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94603"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94603",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94603"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6113",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1325 (GCVE-0-2017-1325)

Vulnerability from cvelistv5

Published

2017-05-26 16:00

Modified

2024-08-05 13:32

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038600	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg22003497	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/125976	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 8.5.2.1 Version: 8.5.3.1 Version: 9.0.1.1 Version: 8.5.1.1 Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038600",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003497"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            },
            {
              "status": "affected",
              "version": "8.5.3.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1038600",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003497"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "8.5.2.1"
                          },
                          {
                            "version_value": "8.5.3.1"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038600",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038600"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003497",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003497"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1325",
    "datePublished": "2017-05-26T16:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:28.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2939 (GCVE-0-2016-2939)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-05 23:40

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/94605	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	Domino	Version: 8.5.3.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5 Version: 9.0 Version: 8.5.1 Version: 8.5.2 Version: 8.5.3 Version: 9.0.1.1 Version: 8.0.2 Version: 8.0 Version: 8.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.2 Version: 8.5.0.1 Version: 9.0.1.3 Version: 8.5.1.4 Version: 9.0.1.4 Version: 9.0.1.5 Version: 8.5.1.1 Version: 9.0.1.6 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94605",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94605"
          },
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Domino",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.6"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94605",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94605"
        },
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.2"
                          },
                          {
                            "version_value": "8.5.0.1"
                          },
                          {
                            "version_value": "9.0.1.3"
                          },
                          {
                            "version_value": "8.5.1.4"
                          },
                          {
                            "version_value": "9.0.1.4"
                          },
                          {
                            "version_value": "9.0.1.5"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.6"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94605",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94605"
            },
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2939",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5881 (GCVE-0-2016-5881)

Vulnerability from cvelistv5

Published

2017-02-01 22:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securitytracker.com/id/1037592	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21995122	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95459	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM Corporation	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.0.2 Version: 8.5.3.6 Version: 9.0.1 Version: 8.58.5.3 Version: Fix Version: Pack Version: 6 Version: Interim Version: 1 Version: 8.5.x Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:09.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037592",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037592"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21995122"
          },
          {
            "name": "95459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95459"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.58.5.3"
            },
            {
              "status": "affected",
              "version": "Fix"
            },
            {
              "status": "affected",
              "version": "Pack"
            },
            {
              "status": "affected",
              "version": "6"
            },
            {
              "status": "affected",
              "version": "Interim"
            },
            {
              "status": "affected",
              "version": "1"
            },
            {
              "status": "affected",
              "version": "8.5.x"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1037592",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037592"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21995122"
        },
        {
          "name": "95459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95459"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5881",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.58.5.3"
                          },
                          {
                            "version_value": "Fix"
                          },
                          {
                            "version_value": "Pack"
                          },
                          {
                            "version_value": "6"
                          },
                          {
                            "version_value": "Interim"
                          },
                          {
                            "version_value": "1"
                          },
                          {
                            "version_value": "8.5.x"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037592",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037592"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21995122",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21995122"
            },
            {
              "name": "95459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95459"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5881",
    "datePublished": "2017-02-01T22:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:09.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1421 (GCVE-0-2017-1421)

Vulnerability from cvelistv5

Published

2017-12-13 18:00

Modified

2024-09-17 03:28

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securityfocus.com/bid/102153	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22005234	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040015	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/127411	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 8.5.2.1 Version: 8.5.3.1 Version: 9.0.1.1 Version: 8.5.1.1 Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102153",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005234"
          },
          {
            "name": "1040015",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040015"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            },
            {
              "status": "affected",
              "version": "8.5.3.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-15T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102153",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005234"
        },
        {
          "name": "1040015",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040015"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-11-28T00:00:00",
          "ID": "CVE-2017-1421",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "8.5.2.1"
                          },
                          {
                            "version_value": "8.5.3.1"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102153",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102153"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005234",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005234"
            },
            {
              "name": "1040015",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040015"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1421",
    "datePublished": "2017-12-13T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:28:55.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1130 (GCVE-0-2017-1130)

Vulnerability from cvelistv5

Published

2017-09-05 21:00

Modified

2024-09-16 21:58

Severity ?

CWE

Denial of Service

Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/121371	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg21999384	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/42604/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/100632	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Notes	Version: 8.5.3.6 Version: 8.5.2.4 Version: 9.0 Version: 9.0.1.8 Version: 8.5.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
          },
          {
            "name": "42604",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42604/"
          },
          {
            "name": "100632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100632"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Notes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            }
          ]
        }
      ],
      "datePublic": "2017-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
        },
        {
          "name": "42604",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42604/"
        },
        {
          "name": "100632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100632"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-31T00:00:00",
          "ID": "CVE-2017-1130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Notes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.1.8"
                          },
                          {
                            "version_value": "8.5.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21999384",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
            },
            {
              "name": "42604",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42604/"
            },
            {
              "name": "100632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100632"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1130",
    "datePublished": "2017-09-05T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T21:58:13.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0589 (GCVE-0-2013-0589)

Vulnerability from cvelistv5

Published

2018-07-11 16:00

Modified

2024-08-06 14:33

Severity ?

CWE

n/a

Summary

IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

References

►

URL

Tags

	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/83371	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
          },
          {
            "name": "ibm-inotes-cve20130589-info-disclosure(83371)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
        },
        {
          "name": "ibm-inotes-cve20130589-info-disclosure(83371)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-0589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
            },
            {
              "name": "ibm-inotes-cve20130589-info-disclosure(83371)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-0589",
    "datePublished": "2018-07-11T16:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T14:33:05.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2938 (GCVE-0-2016-2938)

Vulnerability from cvelistv5

Published

2017-02-01 20:00

Modified

2024-08-05 23:40

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.securitytracker.com/id/1037383	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/94600	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg21992835	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7	Version: IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037383"
          },
          {
            "name": "94600",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1037383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037383"
        },
        {
          "name": "94600",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IBM Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037383",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037383"
            },
            {
              "name": "94600",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94600"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2938",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1214 (GCVE-0-2017-1214)

Vulnerability from cvelistv5

Published

2017-06-12 19:00

Modified

2024-08-05 13:25

Severity ?

CWE

Obtain Information

Summary

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

References

►

URL

Tags

	http://www.securitytracker.com/id/1038654	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/123854	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22002015	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 8.5.2.1 Version: 8.5.3.1 Version: 9.0.1.1 Version: 8.5.1.1 Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038654",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038654"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22002015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            },
            {
              "status": "affected",
              "version": "8.5.3.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1038654",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038654"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22002015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "8.5.2.1"
                          },
                          {
                            "version_value": "8.5.3.1"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038654",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038654"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22002015",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22002015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1214",
    "datePublished": "2017-06-12T19:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:25:17.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5883 (GCVE-0-2016-5883)

Vulnerability from cvelistv5

Published

2017-02-23 16:00

Modified

2024-08-06 01:15

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.

References

►

URL

Tags

	http://www.securityfocus.com/bid/96168	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037790	vdb-entry, x_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=swg21997010	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM Corporation	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.0.2 Version: 8.5.3.6 Version: 9.0.1 Version: 8.58.5.3 Version: Fix Version: Pack Version: 6 Version: Interim Version: 1 Version: 8.5.x Version: 8.5.1.5 Version: 8.5.2.4 Version: 9.0.1.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:09.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96168",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96168"
          },
          {
            "name": "1037790",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.0.2"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.58.5.3"
            },
            {
              "status": "affected",
              "version": "Fix"
            },
            {
              "status": "affected",
              "version": "Pack"
            },
            {
              "status": "affected",
              "version": "6"
            },
            {
              "status": "affected",
              "version": "Interim"
            },
            {
              "status": "affected",
              "version": "1"
            },
            {
              "status": "affected",
              "version": "8.5.x"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.0.1.7"
            }
          ]
        }
      ],
      "datePublic": "2017-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "96168",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96168"
        },
        {
          "name": "1037790",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-5883",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.0.2"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.58.5.3"
                          },
                          {
                            "version_value": "Fix"
                          },
                          {
                            "version_value": "Pack"
                          },
                          {
                            "version_value": "6"
                          },
                          {
                            "version_value": "Interim"
                          },
                          {
                            "version_value": "1"
                          },
                          {
                            "version_value": "8.5.x"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "9.0.1.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96168",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96168"
            },
            {
              "name": "1037790",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037790"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997010",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-5883",
    "datePublished": "2017-02-23T16:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:09.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1332 (GCVE-0-2017-1332)

Vulnerability from cvelistv5

Published

2017-07-31 21:00

Modified

2024-09-16 17:33

Severity ?

CWE

Cross-Site Scripting

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22005233	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/126234	x_refsource_MISC
	http://www.securityfocus.com/bid/100028	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	iNotes	Version: 9.0 Version: 8.5.3 Version: 8.5.2 Version: 8.5.1 Version: 8.5 Version: 8.5.3.6 Version: 9.0.1 Version: 8.5.1.5 Version: 8.5.2.4 Version: 8.5.2.1 Version: 8.5.3.1 Version: 9.0.1.1 Version: 8.5.1.1 Version: 9.0.1.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234"
          },
          {
            "name": "100028",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iNotes",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "8.5.3"
            },
            {
              "status": "affected",
              "version": "8.5.2"
            },
            {
              "status": "affected",
              "version": "8.5.1"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "8.5.3.6"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.5"
            },
            {
              "status": "affected",
              "version": "8.5.2.4"
            },
            {
              "status": "affected",
              "version": "8.5.2.1"
            },
            {
              "status": "affected",
              "version": "8.5.3.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.1"
            },
            {
              "status": "affected",
              "version": "8.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.0.1.8"
            }
          ]
        }
      ],
      "datePublic": "2017-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-01T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234"
        },
        {
          "name": "100028",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100028"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-07-25T00:00:00",
          "ID": "CVE-2017-1332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iNotes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "8.5.3"
                          },
                          {
                            "version_value": "8.5.2"
                          },
                          {
                            "version_value": "8.5.1"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "8.5.3.6"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.5.1.5"
                          },
                          {
                            "version_value": "8.5.2.4"
                          },
                          {
                            "version_value": "8.5.2.1"
                          },
                          {
                            "version_value": "8.5.3.1"
                          },
                          {
                            "version_value": "9.0.1.1"
                          },
                          {
                            "version_value": "8.5.1.1"
                          },
                          {
                            "version_value": "9.0.1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005233",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234"
            },
            {
              "name": "100028",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100028"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1332",
    "datePublished": "2017-07-31T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:33:16.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94604	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94604	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5882",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.940",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94604"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94603	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94603	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Verse es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6113",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:02.427",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94603"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-05 21:29

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21999384	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/100632	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/121371	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.exploit-db.com/exploits/42604/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21999384	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100632	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/121371	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42604/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.4
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B100002-E6E8-4FB8-A1A8-02BFBB37A126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF1F5E-1CAD-4C06-99CA-54B60CD5E099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371."
    },
    {
      "lang": "es",
      "value": "IBM Notes 8.5 y 9.0 es vulnerable a denegaciones de servicio. Si se convence a un usuario para que haga clic en un enlace malicioso, podr\u00edan abrirse numerosas ventanas de di\u00e1logo de selecci\u00f3n de archivo. Esto podr\u00eda provocar que el cliente se bloquee y tenga que reiniciarse. IBM X-Force ID: 121371."
    }
  ],
  "id": "CVE-2017-1130",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-05T21:29:00.283",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100632"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42604/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42604/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94600	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94600	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-2938",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94600"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-23 16:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21997010	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/96168
psirt@us.ibm.com	http://www.securitytracker.com/id/1037790
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21997010	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96168
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037790

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."
    },
    {
      "lang": "es",
      "value": "IBM iNotes 8.5 y 9.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript en la interfaz web alterando as\u00ed la funcionalidad prevista conduciendo potencialmente a divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM Reference #: 1997010."
    }
  ],
  "id": "CVE-2016-5883",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-23T16:59:00.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/96168"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037790"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94602	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94602	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5884",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.973",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94602"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-06-12 19:29

Modified

2025-04-20 01:37

Severity ?

5.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Summary

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22002015	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1038654
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/123854	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22002015	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038654
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/123854	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.0.1
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6
ibm	inotes	9.0.1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1726DB55-DE85-4A10-8912-59FFF5D0A87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "664379F7-CE42-4717-A887-F79E6AF8014E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854."
    },
    {
      "lang": "es",
      "value": "IBM iNotes 8.5 y 9.0 permite a un atacante remoto enviar emails malformados a la victima, entonces cuando sea abierto puede resultar en la revelaci\u00f3n de informaci\u00f3n. IBM X-Force ID: 123854."
    }
  ],
  "id": "CVE-2017-1214",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-12T19:29:00.213",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002015"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038654"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123854"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94605	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94605	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-2939",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.363",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94605"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-07-11 16:29

Modified

2024-11-21 01:47

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/83815	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/83815	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.0.0.0
ibm	inotes	8.0.1.0
ibm	inotes	8.0.2.0
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.2.0
ibm	inotes	8.5.3.0
ibm	inotes	9.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A3B1B1-D7AD-439B-B34E-47A5711A2C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0412E062-0ED4-41F3-8F32-807A5AA3FE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43A49D7-6046-443C-96F5-E00905B22B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en IBM iNotes en versiones anteriores a la 8.5.3 Fix Pack 6 y versiones 9.x anteriores a la 9.0.1 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 83815."
    }
  ],
  "id": "CVE-2013-0592",
  "lastModified": "2024-11-21T01:47:49.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T16:29:00.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-31 21:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22005233	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/100028	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/126234	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22005233	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100028	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/126234	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.4
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B100002-E6E8-4FB8-A1A8-02BFBB37A126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF1F5E-1CAD-4C06-99CA-54B60CD5E099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234."
    },
    {
      "lang": "es",
      "value": "IBM iNotes versiones 8.5 y 9.0, es vulnerable a un ataque de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 126234."
    }
  ],
  "id": "CVE-2017-1332",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-31T21:29:00.563",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100028"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 22:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21995122	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/95459	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037592
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21995122	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95459	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037592

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5881",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T22:59:00.417",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21995122"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95459"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21995122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037592"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-26 16:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22003497	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1038600
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/125976	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22003497	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038600
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/125976	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.0.1
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6
ibm	inotes	9.0.1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1726DB55-DE85-4A10-8912-59FFF5D0A87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "664379F7-CE42-4717-A887-F79E6AF8014E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976."
    },
    {
      "lang": "es",
      "value": "iNotes versiones 8.5 y 9.0 de IBM, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, y por lo tanto, alterar la funcionalidad prevista que podr\u00eda conllevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 125976."
    }
  ],
  "id": "CVE-2017-1325",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-26T16:29:00.257",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003497"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038600"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125976"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-08-03 15:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22003664	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/100139
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/126062	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22003664	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100139
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/126062	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.4
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B100002-E6E8-4FB8-A1A8-02BFBB37A126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF1F5E-1CAD-4C06-99CA-54B60CD5E099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062."
    },
    {
      "lang": "es",
      "value": "IBM iNotes 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). La vulnerabilidad permite a los usuarios que incrusten c\u00f3digo JavaScript arbitrario en la interfaz web de usuario, alterando la funcionalidad y pudiendo provocar que se revelen las credenciales en una sesi\u00f3n abierta de confianza. IBM X-Force ID: 126062."
    }
  ],
  "id": "CVE-2017-1327",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-03T15:29:00.530",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/100139"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/100139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126062"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-07-11 16:29

Modified

2024-11-21 01:47

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/83383	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/83383	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.0.0.0
ibm	inotes	8.0.1.0
ibm	inotes	8.0.2.0
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.2.0
ibm	inotes	8.5.3.0
ibm	inotes	9.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A3B1B1-D7AD-439B-B34E-47A5711A2C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0412E062-0ED4-41F3-8F32-807A5AA3FE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43A49D7-6046-443C-96F5-E00905B22B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de redirecci\u00f3n abierta en IBM iNotes en versiones anteriores a la 8.5.3 Fix Pack 6 y versiones 9.x anteriores a la 9.0.1 permite que los atacantes remotos redireccionen a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar. IBM X-Force ID: 83383."
    }
  ],
  "id": "CVE-2013-0594",
  "lastModified": "2024-11-21T01:47:49.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T16:29:00.347",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83383"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-13 18:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22005234	Issue Tracking, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/102153	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1040015	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/127411	Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22005234	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102153	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040015	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/127411	Issue Tracking, VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.5
ibm	inotes	8.5.1
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.4
ibm	inotes	8.5.3
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.6
ibm	inotes	9.0
ibm	inotes	9.0.1
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DD8CB4-AA92-41D8-B3E6-B29D8DC1E5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1B12255-AA8B-4450-8859-6925E1BB09BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6832CDA7-2D26-4E1B-96B7-31B4CD0131E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B100002-E6E8-4FB8-A1A8-02BFBB37A126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9457616-9115-4AAB-9B77-2AE93F420B90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D498E559-82B7-44FB-8129-97A9CFCCDC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E04AADE-5E62-4DFD-A88E-F78DB06ED505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF1F5E-1CAD-4C06-99CA-54B60CD5E099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2017-1421",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T18:29:00.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005234"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102153"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040015"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127411"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-31 18:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21998824	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/97151	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1038145
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21998824	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97151	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038145

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.0.1
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1726DB55-DE85-4A10-8912-59FFF5D0A87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824."
    },
    {
      "lang": "es",
      "value": "IBM iNotes 8.5 y 9.0 es vulnerable al env\u00edo de secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a los usuarios integrar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. IBM Reference #: 1998824."
    }
  ],
  "id": "CVE-2016-9990",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-31T18:59:00.390",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21998824"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97151"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21998824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038145"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-07-11 16:29

Modified

2024-11-21 01:47

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/83371	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/83371	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www-01.ibm.com/support/docview.wss?uid=swg21671622	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	inotes	8.0.0.0
ibm	inotes	8.0.1.0
ibm	inotes	8.0.2.0
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.2.0
ibm	inotes	8.5.3.0
ibm	inotes	9.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A3B1B1-D7AD-439B-B34E-47A5711A2C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0412E062-0ED4-41F3-8F32-807A5AA3FE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43A49D7-6046-443C-96F5-E00905B22B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371."
    },
    {
      "lang": "es",
      "value": "IBM iNotes en versiones anteriores a la 8.5.3 Fix Pack 6 y versiones 9.x anteriores a la 9.0.1 permite que atacantes remotos omitan el mecanismo de filtrado remoto de im\u00e1genes y obtener informaci\u00f3n sensible mediante un mensaje de email manipulado. IBM X-Force ID: 83371."
    }
  ],
  "id": "CVE-2013-0589",
  "lastModified": "2024-11-21T01:47:48.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T16:29:00.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-01 14:15

Modified

2024-11-21 03:22

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."

References

▶	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080512	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080512	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	inotes	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D08CBA-AC08-4494-8961-8BA363DBBA23",
              "versionEndIncluding": "9.0.1.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.\""
    },
    {
      "lang": "es",
      "value": "\"HCL iNotes es susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS). Un atacante podr\u00eda usar esta vulnerabilidad para robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima\""
    }
  ],
  "id": "CVE-2017-1659",
  "lastModified": "2024-11-21T03:22:11.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-01T14:15:13.747",
  "references": [
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080512"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-02-01 20:59

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/94606	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1037383
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21992835	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94606	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037383

Impacted products

Vendor	Product	Version
ibm	domino	8.5.1.0
ibm	domino	8.5.1.1
ibm	domino	8.5.1.2
ibm	domino	8.5.1.3
ibm	domino	8.5.1.4
ibm	domino	8.5.1.5
ibm	domino	8.5.2.0
ibm	domino	8.5.2.1
ibm	domino	8.5.2.2
ibm	domino	8.5.2.3
ibm	domino	8.5.2.4
ibm	domino	8.5.3.0
ibm	domino	8.5.3.1
ibm	domino	8.5.3.2
ibm	domino	8.5.3.3
ibm	domino	8.5.3.4
ibm	domino	8.5.3.5
ibm	domino	8.5.3.6
ibm	domino	9.0.0.0
ibm	domino	9.0.1.0
ibm	domino	9.0.1.1
ibm	domino	9.0.1.2
ibm	domino	9.0.1.3
ibm	domino	9.0.1.4
ibm	domino	9.0.1.5
ibm	domino	9.0.1.6
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.2
ibm	inotes	8.5.1.3
ibm	inotes	8.5.1.4
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.2
ibm	inotes	8.5.2.3
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.2
ibm	inotes	8.5.3.3
ibm	inotes	8.5.3.4
ibm	inotes	8.5.3.5
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.2
ibm	inotes	9.0.1.3
ibm	inotes	9.0.1.4
ibm	inotes	9.0.1.5
ibm	inotes	9.0.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61387F03-916A-49FA-8B81-7145CEB5902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20872C07-8850-4DE0-BE9E-D57E28B6647D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89453928-C022-45DD-9277-D8CF669DDB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE43FE8-8EC1-4774-93A2-E829098C9CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD0259-8096-41CD-BA06-58E26F2821C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28326C23-64DA-4FA0-9F3D-7660FC17C2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EAEF94-7243-47C2-A934-A10AA65559A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E3BD0F-DC7F-47C1-A86A-9B1627FBE941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68862417-67DC-462A-8557-E1E371926FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E251CBF-CA6A-4675-B7FA-B68EC44ADA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8270B1C-31E1-47F6-B641-8A4291EBEF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B62FD4B-A8B0-4215-A22C-241EE84A4C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A913396-D7C3-4088-A4E8-93BF3ADB9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FAF950-ECA1-4DC1-ABC7-18C073209ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40437DB7-17EB-4C53-9D71-624D01068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "677DDC3B-3B08-407F-8543-7A78B38B4F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74523E-57BE-4B0B-B639-32927336C862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E7EBE-CEA6-4FF8-954A-2A43617FB1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30460A5C-2D97-42B5-A190-5E0862E87EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31391143-EE89-4521-81F4-43455AAF7D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5344290B-F139-4367-B976-C2E8007487F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-5880",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:00.893",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94606"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-05 21:29

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21999385	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22002103	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/121370	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.exploit-db.com/exploits/42602/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21999385	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22002103	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/121370	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42602/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	inotes	8.5.0.0
ibm	inotes	8.5.1.0
ibm	inotes	8.5.1.1
ibm	inotes	8.5.1.5
ibm	inotes	8.5.2.0
ibm	inotes	8.5.2.1
ibm	inotes	8.5.2.4
ibm	inotes	8.5.3.0
ibm	inotes	8.5.3.1
ibm	inotes	8.5.3.6
ibm	inotes	9.0.0.0
ibm	inotes	9.0.1.0
ibm	inotes	9.0.1.1
ibm	inotes	9.0.1.8
ibm	expeditor	6.2.1
ibm	expeditor	6.2.2
ibm	expeditor	6.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE6AAC-7B25-40EA-9D25-128D743F18A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF4C09-76B3-4CCA-9EBA-530B4CB0314D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0FE386-25E0-452F-A0E4-C54901C8870B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC844FD9-65ED-4223-8B60-29EDC5EBEB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B097CA3C-2ABA-489E-86C1-EEF891AF7094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F15C5B-D465-4AE6-B70B-E03EE32A0D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B100002-E6E8-4FB8-A1A8-02BFBB37A126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF2543-619A-49EA-909C-49C82397A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "975E8316-D4C3-40B7-8E57-E871D0327271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C5AFE-62C7-4A6C-991B-222FF28DF92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C11BF-8A63-4ED9-871D-C3366D766CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:inotes:9.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF1F5E-1CAD-4C06-99CA-54B60CD5E099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:expeditor:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "387A02F1-7113-4B16-8A96-3ADA514CCE27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:expeditor:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20000BBC-F785-4CF8-99E9-A2929F69A8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:expeditor:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "35E52005-A232-4950-8338-18CC7EE48F7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370."
    },
    {
      "lang": "es",
      "value": "IBM Notes 8.5 y 9.0 es vulnerable a denegaciones de servicio. Si se convence a un usuario para que haga clic en un enlace malicioso, esto podr\u00eda dar lugar a que el cliente de Notes se bloquee y tenga que reiniciarse. IBM X-Force ID: 121370."
    }
  ],
  "id": "CVE-2017-1129",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-05T21:29:00.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999385"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002103"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42602/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42602/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to ibm - inotes

CVE-2017-1327 (GCVE-0-2017-1327)

Vulnerability from cvelistv5

CVE-2013-0592 (GCVE-0-2013-0592)

Vulnerability from cvelistv5

CVE-2013-0594 (GCVE-0-2013-0594)

Vulnerability from cvelistv5

CVE-2016-5880 (GCVE-0-2016-5880)

Vulnerability from cvelistv5

CVE-2017-1129 (GCVE-0-2017-1129)

Vulnerability from cvelistv5

CVE-2017-1659 (GCVE-0-2017-1659)

Vulnerability from cvelistv5

CVE-2016-9990 (GCVE-0-2016-9990)

Vulnerability from cvelistv5

CVE-2016-5884 (GCVE-0-2016-5884)

Vulnerability from cvelistv5

CVE-2016-5882 (GCVE-0-2016-5882)

Vulnerability from cvelistv5

CVE-2016-6113 (GCVE-0-2016-6113)

Vulnerability from cvelistv5

CVE-2017-1325 (GCVE-0-2017-1325)

Vulnerability from cvelistv5

CVE-2016-2939 (GCVE-0-2016-2939)

Vulnerability from cvelistv5

CVE-2016-5881 (GCVE-0-2016-5881)

Vulnerability from cvelistv5

CVE-2017-1421 (GCVE-0-2017-1421)

Vulnerability from cvelistv5

CVE-2017-1130 (GCVE-0-2017-1130)

Vulnerability from cvelistv5

CVE-2013-0589 (GCVE-0-2013-0589)

Vulnerability from cvelistv5

CVE-2016-2938 (GCVE-0-2016-2938)

Vulnerability from cvelistv5

CVE-2017-1214 (GCVE-0-2017-1214)

Vulnerability from cvelistv5

CVE-2016-5883 (GCVE-0-2016-5883)

Vulnerability from cvelistv5

CVE-2017-1332 (GCVE-0-2017-1332)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd