Local Command Execution Vulnerability in IBM Notes by IBM
CVE-2017-1720

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
13 February 2018

Summary

IBM Notes versions 8.5 and 9.0 contain a vulnerability that enables local attackers to execute arbitrary commands. This can be achieved by crafting a malicious command line sent through shared memory inter-process communication (IPC), leading to potential unauthorized actions within the software. It's crucial for users of these versions to apply necessary security measures and updates to mitigate risks related to this vulnerability.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1

Client Application Access 1.0.1.2

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.