Security Alert (A18-03-01): Multiple Vulnerabilities in IBM Notes
09 March 2018
Multiple vulnerabilities are found in IBM Notes and its System Diagnostics service. To exploit the vulnerability in the IBM Notes, a remote attacker could entice a target user to open a malicious file in an attacker-controlled directory. For the System Diagnostics service, a local attacker could deliberately modify a file saved on the target computer to exploit the vulnerability.
IBM Notes 9.0.1 to IBM Notes 9.0.1 Fix Pack 10 Interim Fix 1
IBM Notes 9.0 to IBM Notes 9.0 Interim Fix 4
IBM Notes 8.5.3 to IBM Notes 8.5.3 Fix Pack 6 Interim Fix 15
IBM Notes 8.5.2 to IBM Notes 8.5.2 Fix Pack 4 Interim Fix 3
IBM Notes 8.5.1 to IBM Notes 8.5.1 Fix Pack 5 Interim Fix 3
IBM Notes 8.5 release
Depending on the vulnerabilities exploited, successful exploitation of the vulnerabilities could lead to arbitrary code execution, privilege escalation and denial of service.
The vendor has released fixes to address the issues and they can be downloaded at the following URLs:
IBM Notes Standard 9.0.1 Fix Pack 10 Interim Fix 2 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FLotus%2FLotus+Notes&fixids=Notes_901FP10IF2_W32_Standard&source=SAR