Credential Theft Vulnerability in IBM Domino Products
CVE-2016-6087

9.8CRITICAL

Key Information:

Vendor
IBM
Status
Domino
Vendor
CVE Published:
7 June 2017

Summary

A vulnerability in IBM Domino versions 8.5 and 9.0 allows attackers to exploit weaknesses in the TLS Key Exchange validation mechanism. By initiating multiple simultaneous sessions, an attacker can potentially capture sensitive information, including user credentials, leading to unauthorized access. Organizations using affected versions are encouraged to review their security configurations and apply recommended patches to mitigate the risk of credential theft.

Affected Version(s)

Domino 9.0.1

Domino 9.0

Domino 8.5.1

References

http://www.securitytracker.com/id/1038606
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/98794
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22002808
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.