Published: 01/05/2013 Updated: 29/08/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

IBM Lotus Notes 8.x prior to 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote malicious users to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm lotus notes 8.5.3
ibm lotus notes 8.5.2.3
ibm lotus notes 8.0.0
ibm lotus notes 8.0.2.2
ibm lotus notes 8.5.1.5
ibm lotus notes 8.5.1.3
ibm lotus notes 8.5.1.4
ibm lotus notes 8.0.2
ibm lotus notes 8.0
ibm lotus notes 8.0.2.4
ibm lotus notes 8.0.2.5
ibm lotus notes 8.5.0.1
ibm lotus notes 8.0.2.6
ibm lotus notes 8.5.3.3
ibm lotus notes 9.0.0.0
ibm lotus notes 8.0.2.1
ibm lotus notes 8.5.2.2
ibm lotus notes 8.5.1.1
ibm lotus notes 8.0.1
ibm lotus notes 8.5.1.2
ibm lotus notes 8.5.0.0
ibm lotus notes 8.5.2.1
ibm lotus notes 8.5.3.2
ibm lotus notes 8.0.2.0
ibm lotus notes 8.5
ibm lotus notes 8.5.1
ibm lotus notes 8.0.2.3
ibm lotus notes 8.5.1.0
ibm lotus notes 8.5.3.1
ibm lotus notes 8.5.2.0

CWE-264 http://seclists.org/fulldisclosure/2013/Apr/262 http://www.kb.cert.org/vuls/id/912420 http://www-01.ibm.com/support/docview.wss?uid=swg21633819 https://exchange.xforce.ibmcloud.com/vulnerabilities/83775 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/912420

CVE-2013-0127

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect