DLL Hijacking Vulnerability in IBM iNotes by IBM
CVE-2017-1711

7.8HIGH

Key Information:

Vendor: IBM
Status: Client Application Access; Notes
Vendor: CVE Published:; 13 February 2018

🔔 Create IBM Vulnerability Alert

What is CVE-2017-1711?

IBM iNotes versions 8.5 and 9.0 are susceptible to a DLL hijacking vulnerability that allows an attacker to execute arbitrary code. This occurs when iNotes is tricked into loading a malicious DLL file disguised as a legitimate Windows DLL from the temp directory. Proper validation and security configurations are essential to prevent the exploitation of this vulnerability.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1.1

Client Application Access 1.0.1.2

References

http://www.ibm.com/support/docview.wss?uid=swg22010774

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg22010775

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/134532

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2018
Vulnerability Reserved
Nov 30, 2016

.

CVE-2017-1711 : DLL Hijacking Vulnerability in IBM iNotes by IBM