Security Alert (A15-12-01): Multiple Vulnerabilities in IBM Notes and Domino
02 December 2015
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (October 2015) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.
IBM Notes and Domino 9.0.1 through Notes 9.0.1 Fix Pack 4 Interim Fix 2 and Domino 9.0.1 Fixed Pack 4 Interim Fix 3
IBM Notes and Domino 8.5.3 through Notes 8.5.3 Fix Pack 6 Interim Fix 6 and Domino 8.5.3 Fixed Pack 6 Interim Fix 10
All 9.0 and 8.5.x releases of IBM Notes and Domino prior to those listed above
Successful exploitation could lead to retrieval of sensitive information and system crash.
The vendor has released fixes to address the issue and they can be downloaded at the following URL: