Vulnerability category: Local
Vulnerability severity:
Vulnerability information
IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.
IBM Domino is affected by an information disclosure vulnerability that allows an attacker to steal credentials by using multiple sessions and large amounts of data against Domino TLS Key Exchange validation.
Affected Versions
IBM Domino 9.0.1 through 9.0.1 FP7 IF2
IBM Domino 8.5.3 through 8.5.3 FP6 IF17
All 9.0.x, 9.0, 8.5.x releases of IBM Domino prior to those listed above
QID Detection Logic (authenticated):
The QID reads the IBM Domino install path from the "Path" value of the registry key "HKLM\SOFTWARE\Lotus\Domino". It flags the host if the file "<Install Path>nsd.exe" has a vulnerable version, i.e. a version prior to 9.0.18.0.
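The same check can be run by hand on a Windows host. The script below is an added example, not the scanner's own code: the function name Test-DominoNsdVersion and the shape of the result object are assumptions, while the registry key, value name, file name and version threshold are taken from the detection logic above.

```powershell
# Added example: local version of the registry + file-version check described above.
# Only the key named in the detection text is queried.
function Test-DominoNsdVersion {
    param(
        [string]  $RegistryKey  = 'HKLM:\SOFTWARE\Lotus\Domino',
        [version] $FixedVersion = '9.0.18.0'   # threshold stated in the detection logic
    )

    $result = [ordered]@{
        Installed   = $false
        NsdPath     = $null
        FileVersion = $null
        Vulnerable  = $null
        Note        = $null
    }

    # Step 1: read the install path from the "Path" registry value.
    $props = Get-ItemProperty -Path $RegistryKey -Name 'Path' -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.Path) {
        $result.Note = 'Registry value "Path" not found; Domino not detected'
        return [pscustomobject]$result
    }
    $result.Installed = $true

    # Step 2: locate nsd.exe under the install path.
    $nsd = Join-Path -Path $props.Path -ChildPath 'nsd.exe'
    $result.NsdPath = $nsd
    if (-not (Test-Path -LiteralPath $nsd -PathType Leaf)) {
        $result.Note = 'nsd.exe not found under the install path; version not checked'
        return [pscustomobject]$result
    }

    # Step 3: build the version from the numeric parts of the file version resource.
    # The FileVersion string can carry extra text, so it is not parsed directly.
    $vi  = (Get-Item -LiteralPath $nsd).VersionInfo
    $ver = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $result.FileVersion = $ver

    # Step 4: flag the host when the file version is below the threshold.
    $result.Vulnerable = ($ver -lt $FixedVersion)
    return [pscustomobject]$result
}

Test-DominoNsdVersion
```

Run it from an elevated or normal PowerShell session on the Domino server; a result with Vulnerable set to True corresponds to the condition the QID flags.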
Impact
Successful exploitation of the vulnerability will cause information disclosure.
Solution
Refer to IBM advisory swg22002808 to obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: