CVE-2018-1409

7.8HIGH

Key Information:

Vendor: IBM
Status: Client Application Access; Notes
Vendor: CVE Published:; 19 February 2018

Summary

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1

Client Application Access 1.0.1.2

References

http://www.ibm.com/support/docview.wss?uid=swg22010766

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/138708

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22010767

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2018
Vulnerability Reserved
Dec 13, 2017

.