GovCERT.HK - Security Alert (A17-08-02): Multiple Vulnerabilities in IBM Notes and Domino

Description:

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (April 2017) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.

Affected Systems:

IBM Notes 9.0.1 to IBM Notes 9.0.1 Fix Pack 8 Interim Fix 1
IBM Notes 8.5.3 to IBM Notes 8.5.3 Fix Pack 6 Interim Fix 14
IBM Domino 9.0.1 through 9.0.1 Feature Pack 8 Interim Fix 4
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 18
All 9.0.x, 9.0, 8.5.x and 8.5 releases of IBM Notes and Domino prior to those listed above

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of services, information disclosure or take control of affected system.

Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URLs:

JVM Patches for Notes and Domino 9.0.1.x
This link will open in a new windowhttp://www.ibm.com/support/docview.wss?uid=swg21657963
JVM Patches for Notes and Domino 8.5.3 Fix Pack 6
This link will open in a new windowhttp://www-01.ibm.com/support/docview.wss?uid=swg21663874

More Information:

Tag: IBM , IBM Notes , Domino