CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1720
https://notcve.org/view.php?id=CVE-2017-1720
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807. Las versiones 8.5 y 9.0 de IBM Notes podrían permitir que un atacante local ejecute comandos arbitrarios manipulando cuidadosamente una línea de comandos enviada mediante el IPC de la memoria compartida. IBM X-Force ID: 134807. • http://www.ibm.com/support/docview.wss?uid=swg22010766 http://www.ibm.com/support/docview.wss?uid=swg22010767 https://exchange.xforce.ibmcloud.com/vulnerabilities/134807 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0270
https://notcve.org/view.php?id=CVE-2016-0270
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versión 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generación aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticación y suplantar datos aprovechando la reutilización de un nonce en una sesión y un "ataque prohibido". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilización de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix. • http://www-01.ibm.com/support/docview.wss?uid=swg21979604 http://www-01.ibm.com/support/docview.wss?uid=swg21979669 http://www-01.ibm.com/support/docview.wss?uid=swg21979673 http://www.securityfocus.com/bid/96062 http://www.securitytracker.com/id/1037795 https://github.com/nonce-disrespect/nonce-disrespect https://support.citrix.com/article/CTX220329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •