
CVE-2016-0270

 

  • Severity Score: 5.9 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-12-08 CVE Reserved
  • 2017-02-08 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product                    Version  Other  Status
IBM     Client Application Access  1.0.0.1  -      Affected
IBM     Domino                     9.0.1.3  -      Affected
IBM     Domino                     9.0.1.4  -      Affected
IBM     Domino                     9.0.1.5  -      Affected
IBM     Notes                      9.0.1.3  -      Affected
IBM     Notes                      9.0.1.4  -      Affected
IBM     Notes                      9.0.1.5  -      Affected