Search criteria
21 vulnerabilities found for client_application_access by ibm
FKIE_CVE-2018-1410
Vulnerability from fkie_nvd - Published: 2018-02-19 14:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138709."
}
],
"id": "CVE-2018-1410",
"lastModified": "2024-11-21T03:59:45.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.630",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1411
Vulnerability from fkie_nvd - Published: 2018-02-19 14:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138710 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138710 | VDB Entry, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138710."
}
],
"id": "CVE-2018-1411",
"lastModified": "2024-11-21T03:59:46.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.693",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1409
Vulnerability from fkie_nvd - Published: 2018-02-19 14:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72683B62-0BB1-4FB2-8661-447FCF535885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBB9A06-5600-4174-A4A5-C85059DDE4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99D14E8F-303F-4BE3-9BC4-0646B71A8660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9ABFF78-233F-4413-AE17-C290D50E2E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C0946E0E-508F-49D0-BBA8-8CB725BDD3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00FCFCE2-5023-4519-B42A-F9B7F818BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62A11E-6224-4BC8-A46B-74A44D2F6A41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
},
{
"lang": "es",
"value": "IBM Notes Diagnostics (IBM Client Application Access e IBM Notes) podr\u00eda permitir que un usuario local ejecute comandos en el sistema. Esto se logra al manipular una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida, la cual podr\u00eda ser forzada por el atacante para que ejecute un archivo ejecutable. IBM X-Force ID: 138708."
}
],
"id": "CVE-2018-1409",
"lastModified": "2024-11-21T03:59:45.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T14:29:00.583",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1711
Vulnerability from fkie_nvd - Published: 2018-02-13 20:29 - Updated: 2024-11-21 03:22
Severity ?
Summary
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010774 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010775 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134532 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010774 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010775 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134532 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
},
{
"lang": "es",
"value": "Las versiones 8.5 y 9.0 de IBM iNotes SUService pueden manipularse para que ejecuten c\u00f3digo malicioso de un DLL disfrazado de DLL de windows en el directorio temp. IBM X-Force ID: 134532."
}
],
"id": "CVE-2017-1711",
"lastModified": "2024-11-21T03:22:15.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.263",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1720
Vulnerability from fkie_nvd - Published: 2018-02-13 20:29 - Updated: 2024-11-21 03:22
Severity ?
Summary
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134807 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010766 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010767 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134807 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
},
{
"lang": "es",
"value": "Las versiones 8.5 y 9.0 de IBM Notes podr\u00edan permitir que un atacante local ejecute comandos arbitrarios manipulando cuidadosamente una l\u00ednea de comandos enviada mediante el IPC de la memoria compartida. IBM X-Force ID: 134807."
}
],
"id": "CVE-2017-1720",
"lastModified": "2024-11-21T03:22:15.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.387",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1714
Vulnerability from fkie_nvd - Published: 2018-02-13 20:29 - Updated: 2024-11-21 03:22
Severity ?
Summary
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010776 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010777 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134633 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010776 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010777 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134633 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | notes | 8.5.0.0 | |
| ibm | notes | 8.5.1.0 | |
| ibm | notes | 8.5.2.0 | |
| ibm | notes | 8.5.3.0 | |
| ibm | notes | 9.0.0.0 | |
| ibm | notes | 9.0.1.0 | |
| ibm | client_application_access | 1.0.1.0 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.1 | |
| ibm | client_application_access | 1.0.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0295E4E8-6A3E-44AE-935A-3BF4282AA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFB0E44-E747-4685-8273-EF12E556D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB11113-37E2-4A92-A100-BA2BD01043FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02D60EB9-26DF-4B03-923B-12DE5D8E5D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9327CB4C-30F0-47E0-9D3D-445CE49F6C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B784D714-6267-4314-AAC1-E8D1E8479F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFB3033-7E8C-4042-A93D-0D9E43456120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B201085B-5565-45DA-B82B-8E34B808B5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.1:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "C4E31A15-D77C-4DF7-A0A3-B4FA3D87892E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.1.2:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "B20619CD-4A2C-499D-9349-81283A76B0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
},
{
"lang": "es",
"value": "IBM Notes and Domino NSD 8.5 y 9.0 podr\u00edan permitir que un usuario local autenticado sin privilegios administrativos obtenga privilegios System. IBM X-Force ID: 134633."
}
],
"id": "CVE-2017-1714",
"lastModified": "2024-11-21T03:22:15.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T20:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0270
Vulnerability from fkie_nvd - Published: 2017-02-08 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C10DAB-5579-4273-9B5E-58199A978DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAB1EE7-3835-4AD6-8F13-01C1CB62F98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "320A0EC3-D4DC-4CEC-B71A-47658A8C17AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
},
{
"lang": "es",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versi\u00f3n 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generaci\u00f3n aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticaci\u00f3n y suplantar datos aprovechando la reutilizaci\u00f3n de un nonce en una sesi\u00f3n y un \"ataque prohibido\". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilizaci\u00f3n de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix."
}
],
"id": "CVE-2016-0270",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-08T16:59:00.133",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1037795"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"source": "psirt@us.ibm.com",
"url": "https://support.citrix.com/article/CTX220329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.citrix.com/article/CTX220329"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1409 (GCVE-0-2018-1409)
Vulnerability from cvelistv5 – Published: 2018-02-19 14:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1409",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:20:33.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1410 (GCVE-0-2018-1410)
Vulnerability from cvelistv5 – Published: 2018-02-19 14:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1410",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:23:55.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1411 (GCVE-0-2018-1411)
Vulnerability from cvelistv5 – Published: 2018-02-19 14:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1411",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:51:25.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1720 (GCVE-0-2017-1720)
Vulnerability from cvelistv5 – Published: 2018-02-13 20:00 – Updated: 2024-09-16 22:20
VLAI?
Summary
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1720",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:20:55.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1714 (GCVE-0-2017-1714)
Vulnerability from cvelistv5 – Published: 2018-02-13 20:00 – Updated: 2024-09-17 02:56
VLAI?
Summary
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010777",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010776",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1714",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:56:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1711 (GCVE-0-2017-1711)
Vulnerability from cvelistv5 – Published: 2018-02-13 20:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010775",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1711",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T04:29:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0270 (GCVE-0-2016-0270)
Vulnerability from cvelistv5 – Published: 2017-02-08 16:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96062"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"name": "https://github.com/nonce-disrespect/nonce-disrespect",
"refsource": "MISC",
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"name": "https://support.citrix.com/article/CTX220329",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220329"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0270",
"datePublished": "2017-02-08T16:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1409 (GCVE-0-2018-1409)
Vulnerability from nvd – Published: 2018-02-19 14:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138708"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1409",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:20:33.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1410 (GCVE-0-2018-1410)
Vulnerability from nvd – Published: 2018-02-19 14:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138709"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1410",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:23:55.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1411 (GCVE-0-2018-1411)
Vulnerability from nvd – Published: 2018-02-19 14:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138710"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1411",
"datePublished": "2018-02-19T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:51:25.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1720 (GCVE-0-2017-1720)
Vulnerability from nvd – Published: 2018-02-13 20:00 – Updated: 2024-09-16 22:20
VLAI?
Summary
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134807"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010766",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010766"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010767",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1720",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:20:55.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1714 (GCVE-0-2017-1714)
Vulnerability from nvd – Published: 2018-02-13 20:00 – Updated: 2024-09-17 02:56
VLAI?
Summary
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010777",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010777"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134633"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010776",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1714",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:56:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1711 (GCVE-0-2017-1711)
Vulnerability from nvd – Published: 2018-02-13 20:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Client Application Access |
Affected:
1.0.0.1
Affected: 1.0.1.1 Affected: 1.0.1.2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Application Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.2"
}
]
},
{
"product": "Notes",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.3.6"
},
{
"status": "affected",
"version": "8.5.1.5"
},
{
"status": "affected",
"version": "8.5.2.4"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.1.9"
}
]
}
],
"datePublic": "2018-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010775",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1711",
"datePublished": "2018-02-13T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T04:29:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0270 (GCVE-0-2016-0270)
Vulnerability from nvd – Published: 2017-02-08 16:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96062"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96062"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604"
},
{
"name": "https://github.com/nonce-disrespect/nonce-disrespect",
"refsource": "MISC",
"url": "https://github.com/nonce-disrespect/nonce-disrespect"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673"
},
{
"name": "https://support.citrix.com/article/CTX220329",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220329"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669"
},
{
"name": "1037795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0270",
"datePublished": "2017-02-08T16:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}