IBM Domino includes a version of XStream which could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities.
CVE(s): CVE-2016-3674
Affected product(s) and affected version(s):
| Product | Version | Fix Download Link |
|---|---|---|
| IBM Domino | 901 FP6 Interim Fix 2 | http://ift.tt/2a9J1Z2 |
| IBM Domino | 853 FP6 Interim Fix 14 | http://ift.tt/29Pdo3f |
Customers who remain on the following releases may open a Service Request with IBM Support and reference SPR KLYHA8XLA2 for custom fixes.
- IBM Domino 9.0.1 FP6 IF1 and earlier releases
- IBM Domino 9.0 IF4 and earlier releases
- IBM Domino 8.5.3 FP6 IF13 and earlier releases
- IBM Domino 8.5 release
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29hwJ0Y
X-Force Database: http://ift.tt/29PdtE9
from IBM Product Security Incident Response Team http://ift.tt/2a9HpyE