CVE-2017-1129
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/121370
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22002103
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21999385
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | inotes | 8.5.0.0 | |
| ibm | inotes | 8.5.1.0 | |
| ibm | inotes | 8.5.1.1 | |
| ibm | inotes | 8.5.1.5 | |
| ibm | inotes | 8.5.2.0 | |
| ibm | inotes | 8.5.2.1 | |
| ibm | inotes | 8.5.2.4 | |
| ibm | inotes | 8.5.3.0 | |
| ibm | inotes | 8.5.3.1 | |
| ibm | inotes | 8.5.3.6 | |
| ibm | inotes | 9.0.0.0 | |
| ibm | inotes | 9.0.1.0 | |
| ibm | inotes | 9.0.1.1 | |
| ibm | inotes | 9.0.1.8 | |
| ibm | expeditor | 6.2.1 | |
| ibm | expeditor | 6.2.2 | |
| ibm | expeditor | 6.2.3 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg21999385
- http://www.ibm.com/support/docview.wss?uid=swg22002103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/121370
- https://www.exploit-db.com/exploits/42602/
- http://www.ibm.com/support/docview.wss?uid=swg21999385
- http://www.ibm.com/support/docview.wss?uid=swg22002103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/121370
- https://www.exploit-db.com/exploits/42602/
Verify integrity in audit chain (admin only). AS-IS.