CVE-2013-4063 IBM Domino, iNotes Multiple Cross-Site Scripting Vulnerabilities (swg21659959)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.

IBM Domino is affected by multiple cross-site scripting vulnerabilities which can be exploited by a remote attacker.

Affected Version:
IBM Domino 9.0.0 prior to 9.0.1
IBM Domino 8.5.3 prior to 8.5.3 Fix Pack 6
IBM Domino 8.5.2x
IBM Domino 8.5.1x

QID Detection Logic (Authenticated):
The check detects vulnerable versions of IBM Domino by looking at the file version of “nserver.exe”. The path to “nserver.exe” is retrieved from the registry key “HKLM\SOFTWARE\Wow6432Node\Lotus\Domino”, value “Path”.

Vulnerability impact

Successful exploitation of the vulnerability will lead to Cross-Site Scripting attacks.

Solution

Refer to IBM advisory swg21659959 to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

swg21659959
