8.1

CVE-2016-0304

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

Data is provided by the National Vulnerability Database (NVD)
IbmDomino Version8.5.3
IbmDomino Version8.5.3.1
IbmDomino Version8.5.3.2
IbmDomino Version8.5.3.3
IbmDomino Version8.5.3.4
IbmDomino Version8.5.3.5
IbmDomino Version8.5.3.6
IbmDomino Version8.5.2
IbmDomino Version8.5.2.1
IbmDomino Version8.5.2.2
IbmDomino Version8.5.2.3
IbmDomino Version8.5.2.4
IbmDomino Version8.5.1
IbmDomino Version8.5.1.1
IbmDomino Version8.5.1.2
IbmDomino Version8.5.1.3
IbmDomino Version8.5.1.4
IbmDomino Version8.5.1.5
IbmDomino Version8.5.0
IbmDomino Version9.0.1
IbmDomino Version9.0.1.1
IbmDomino Version9.0.1.2
IbmDomino Version9.0.1.3
IbmDomino Version9.0.1.4
IbmDomino Version9.0.1.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.11% 0.761
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.