4.3
CVSSv2

CVE-2017-1130

Published: 05/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 475
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

Affected Products

Vendor Product Versions
IbmInotes8.5.0.0, 8.5.1.0, 8.5.1.1, 8.5.1.5, 8.5.2.0, 8.5.2.1, 8.5.2.4, 8.5.3.0, 8.5.3.1, 8.5.3.6, 9.0.0.0, 9.0.1.0, 9.0.1.1, 9.0.1.8

Exploits

# Exploit Title: IBM Notes is affected by a denial of service vulnerability # Date: 31 August 2017 # Software Link: www-01ibmcom/support/docviewwss?uid=swg21999384 # Exploit Author: Dhiraj Mishra # Contact: twittercom/mishradhiraj_ # Website: datariftblogspotin/ # CVE: CVE-2017-1130 # Category: IBM Notes (Console Applic ...

Mailing Lists

IBM Notes versions 85x and 90x suffer from a denial of service vulnerability ...

Metasploit Modules

IBM Notes Denial Of Service

This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, the browser will crash after viewing the webpage.

msf > use auxiliary/dos/http/ibm_lotus_notes2
      msf auxiliary(ibm_lotus_notes2) > show actions
            ...actions...
      msf auxiliary(ibm_lotus_notes2) > set ACTION <action-name>
      msf auxiliary(ibm_lotus_notes2) > show options
            ...show and set options...
      msf auxiliary(ibm_lotus_notes2) > run