← Back

CVE-2016-0304

nvd nist
Published: Jun 29, 2016Modified: May 6, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

Affected (25)

Products: Ibm: Domino
Ibm
1 product
Domino
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Domino
Version 8.5.3.1
Domino
Version 8.5.3.2
Domino
Version 8.5.3.3
Domino
Version 8.5.3.4
Domino
Version 8.5.3.5
Domino
Version 8.5.3.6
Domino
Version 8.5.3
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Domino
Version 8.5.2.1
Domino
Version 8.5.2.2
Domino
Version 8.5.2.3
Domino
Version 8.5.2.4
Domino
Version 8.5.2
Configuration C
6 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Domino
Version 8.5.1.1
Domino
Version 8.5.1.2
Domino
Version 8.5.1.3
Domino
Version 8.5.1.4
Domino
Version 8.5.1.5
Domino
Version 8.5.1
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Domino
Version 8.5.0
Configuration E
6 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Domino
Version 9.0.1.1
Domino
Version 9.0.1.2
Domino
Version 9.0.1.3
Domino
Version 9.0.1.4
Domino
Version 9.0.1.5
Domino
Version 9.0.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.