Authentication Bypass Vulnerability in IBM Domino
CVE-2016-0304

8.1HIGH

Key Information:

Vendor: IBM
Status: Domino
Vendor: CVE Published:; 29 June 2016

What is CVE-2016-0304?

The Java Console in IBM Domino versions prior to 8.5.3 FP6 IF13 and 9.0.1 FP6 suffers from a flaw when certain unsupported configurations involving UNC share pathnames are utilized. This vulnerability enables remote attackers to bypass authentication mechanisms, potentially leading to arbitrary code execution. The issue is attributed to an incomplete remedy for a previously identified vulnerability, which heightens the risk of exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21983328

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2016
Vulnerability Reserved
Dec 8, 2015