Denial of Service Vulnerability in IBM Notes by IBM
CVE-2017-1130

6.5MEDIUM

Key Information:

Vendor

IBM
Status
Notes
Vendor
CVE Published:
5 September 2017

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 65%

What is CVE-2017-1130?

IBM Notes versions 8.5 and 9.0 are susceptible to a denial of service vulnerability. An attacker can exploit this by convincing a user to click on a malicious link, which triggers multiple file select dialog boxes to open. This overwhelming process causes the application to hang, requiring a restart of the client to regain functionality. Proper precautions should be taken to avoid such exploits.

Affected Version(s)

Notes 8.5.3.6

Notes 8.5.2.4

Notes 9.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-1130 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/121371
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg21999384
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/42604/
exploitx_refsource_EXPLOIT-DB

EPSS Score

65% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.