Local Command Execution Vulnerability in IBM Notes by IBM
CVE-2017-1720

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Client Application Access
Notes
Vendor
CVE Published:
13 February 2018

Summary

IBM Notes versions 8.5 and 9.0 contain a vulnerability that enables local attackers to execute arbitrary commands. This can be achieved by crafting a malicious command line sent through shared memory inter-process communication (IPC), leading to potential unauthorized actions within the software. It's crucial for users of these versions to apply necessary security measures and updates to mitigate risks related to this vulnerability.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1

Client Application Access 1.0.1.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/134807
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22010766
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg22010767
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.