Security Alert (A15-12-08): Vulnerability in IBM Notes and Domino
18 December 2015
IBM has published a security bulletin to address a vulnerability related to Apache Commons Collections used in Domino/Notes when handling Java object deserialization in the InvokerTransformer class. An attacker could send specially crafted data to an affected system to execute arbitrary Java code.
IBM Domino 9.0.1 through 9.0.1 Fix Pack 4 Interim Fix 3
IBM Domino 9.0.0x
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 10
IBM Domino 8.5.2x, 8.5.1x
IBM Notes 9.0.1 through 9.0.1 Fix Pack 4 Interim Fix 2
IBM Notes 9.0.0x
IBM Notes 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 6
IBM Notes 8.5.2x, 8.5.1x
Successful exploitation could lead to arbitrary code execution.
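As an inventory aid, the following added example (not from IBM or from this alert) walks a directory tree and reports every Java archive, including archives nested inside other archives, that contains the InvokerTransformer class from Apache Commons Collections. The function names, the list of archive suffixes and the nesting limit of 3 are assumptions of the example; the scan root is whichever installation directory you choose.

```python
import io
import os
import zipfile

# Class named in the alert, at its entry paths in Commons Collections 3.x and 4.x.
TARGET_ENTRIES = (
    "org/apache/commons/collections/functors/InvokerTransformer.class",
    "org/apache/commons/collections4/functors/InvokerTransformer.class",
)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")  # assumed set of archive types


def manifest_version(archive):
    """Return Implementation-Version from the manifest, or None if absent."""
    if "META-INF/MANIFEST.MF" not in archive.namelist():
        return None
    text = archive.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    for line in text.splitlines():
        if line.lower().startswith("implementation-version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_archive(fileobj, label, depth=0):
    """Return (location, entry, version) for each hit, following nested archives."""
    hits = []
    try:
        archive = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return hits  # not a readable archive; skip it
    with archive:
        version = manifest_version(archive)
        for name in archive.namelist():
            if name in TARGET_ENTRIES:
                hits.append((label, name, version))
            elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < 3:
                nested = io.BytesIO(archive.read(name))
                hits += scan_archive(nested, f"{label}!{name}", depth + 1)
    return hits


def scan_tree(root):
    """Walk root and scan every archive file found under it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in (f for f in files if f.lower().endswith(ARCHIVE_SUFFIXES)):
            with open(os.path.join(dirpath, fname), "rb") as fh:
                hits += scan_archive(fh, fh.name)
    return hits
```

A hit shows only that the class is present in that archive, not whether the copy has been patched; compare the reported locations and versions against the vendor's fix information.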
The vendor has released fixes to address the issue and they can be downloaded at the following URL: