CVE-2017-1129

EPSS 30.1%

In short

IBM Notes 8.5 and 9.0 can crash if a user clicks a malicious link, forcing them to restart the application. This is a denial of service that disrupts work.

Technical detail

A malicious link can trigger a denial of service condition in IBM Notes 8.5 and 9.0, causing the client to hang and become unresponsive. The attack vector is user interaction (clickable link), requiring social engineering to convince the user to click the malicious URL. The impact is application unavailability.

Summary generated and translated by AI from the official description.

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

Affected products

IBM · Lotus Expeditor IBM · Notes

public PoCs found — 3

cve_referencewww.exploit-db.com/exploits/42602/unverified exploitdbwww.exploit-db.com/exploits/42602unverified exploitdbwww.exploit-db.com/exploits/42969unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/121370 https://www.exploit-db.com/exploits/42602/http://www.ibm.com/support/docview.wss?uid=swg21999385 http://www.ibm.com/support/docview.wss?uid=swg22002103