Saturday, 2 July 2016

Domino 9.0.1 Fix Pack 6 Interim Fix 2 available for download on IBM Fix Central


Security Bulletin: IBM Domino is affected by an XStream XML information disclosure - CVE-2016-3674 (technote 1985960).
IBM Domino includes a version of XStream which could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities.


Vulnerability Details
CVE-ID: CVE-2016-3674
Description: XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3 
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111806 for more information
CVSS Environmental Score*: Undefined 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions
  • IBM Domino 9.0.1 FP6 IF1 and earlier releases 
  • IBM Domino 9.0 IF4 and earlier releases
  • IBM Domino 8.5.3 FP6 IF13 and earlier releases
  • IBM Domino 8.5 release

Remediation/Fixes


More information: Security Bulletin
Fix Central Download Link: Domino 9.0.1 Fix Pack 6 Interim Fix 2

Customers who remain on the following releases may open a Service Request with IBM Support and reference SPR KLYHA8XLA2 for custom fixes.
  • IBM Domino 9.0.1 FP6 IF1 and earlier releases
  • IBM Domino 9.0 IF4 and earlier releases
  • IBM Domino 8.5.3 FP6 IF13 and earlier releases
  • IBM Domino 8.5 release

Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support alerts like this.
