CVE-2016-0304

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

Published : 2016-06-29 01:59 Updated : 2019-10-16 12:40

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Ibm Domino 9.0.1 cpe:/a:ibm:domino:9.0.1
Ibm Domino 8.5.3.6 cpe:/a:ibm:domino:8.5.3.6
Ibm Domino 8.5.3.5 cpe:/a:ibm:domino:8.5.3.5
Ibm Domino 8.5.3.4 cpe:/a:ibm:domino:8.5.3.4
Ibm Domino 8.5.3.3 cpe:/a:ibm:domino:8.5.3.3
Ibm Domino 8.5.2.4 cpe:/a:ibm:domino:8.5.2.4
Ibm Domino 8.5.1.5 cpe:/a:ibm:domino:8.5.1.5
Ibm Domino 8.5.3.2 cpe:/a:ibm:domino:8.5.3.2
Ibm Domino 8.5.2.3 cpe:/a:ibm:domino:8.5.2.3
Ibm Domino 8.5.1.4 cpe:/a:ibm:domino:8.5.1.4
Ibm Domino 8.5.3.1 cpe:/a:ibm:domino:8.5.3.1
Ibm Domino 8.5.2.2 cpe:/a:ibm:domino:8.5.2.2
Ibm Domino 8.5.1.3 cpe:/a:ibm:domino:8.5.1.3
Ibm Domino 9.0.1.5 cpe:/a:ibm:domino:9.0.1.5
Ibm Domino 9.0.1.4 cpe:/a:ibm:domino:9.0.1.4
Ibm Domino 9.0.1.3 cpe:/a:ibm:domino:9.0.1.3
Ibm Domino 9.0.1.2 cpe:/a:ibm:domino:9.0.1.2
Ibm Domino 9.0.1.1 cpe:/a:ibm:domino:9.0.1.1
Ibm Domino 8.5.2 cpe:/a:ibm:domino:8.5.2
Ibm Domino 8.5.3 cpe:/a:ibm:domino:8.5.3
Ibm Domino 8.5.0 cpe:/a:ibm:domino:8.5.0
Ibm Domino 8.5.1 cpe:/a:ibm:domino:8.5.1
Ibm Domino 8.5.2.1 cpe:/a:ibm:domino:8.5.2.1
Ibm Domino 8.5.1.2 cpe:/a:ibm:domino:8.5.1.2
Ibm Domino 8.5.1.1 cpe:/a:ibm:domino:8.5.1.1
  1. Ibm (1) Search CVE
    1. Domino (25) Search CVE
      1. 9.0.1
      2. 8.5.3.6
      3. 8.5.3.5
      4. 8.5.3.4
      5. 8.5.3.3
      6. 8.5.2.4
      7. 8.5.1.5
      8. 8.5.3.2
      9. 8.5.2.3
      10. 8.5.1.4
      11. 8.5.3.1
      12. 8.5.2.2
      13. 8.5.1.3
      14. 9.0.1.5
      15. 9.0.1.4
      16. 9.0.1.3
      17. 9.0.1.2
      18. 9.0.1.1
      19. 8.5.2
      20. 8.5.3
      21. 8.5.0
      22. 8.5.1
      23. 8.5.2.1
      24. 8.5.1.2
      25. 8.5.1.1

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes

Date Event
2019-10-16 12:40
2016-06-29 01:59

New CVE