BM Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities (CVE-2014-0892 and Oracle Java Critical Patch Updates for Oct 2013, Jan 2014)

Share this post:

This security bulletin details the fixes and/or workarounds for multiple vulnerabilities which have been addressed in the Notes and Domino 9.0.1 Fix Pack 1. Fixes are also planned for Notes and Domino 8.5.3 Fix Pack 6 Interim Fix 3.

CVE(s):CVE-2014-0892, CVE-2014-0368, CVE-2014-0428, CVE-2014-0424, CVE-2014-0423, CVE-2014-0422, CVE-2014-0418, CVE-2014-0417, CVE-2014-0416, CVE-2014-0415, CVE-2014-0411, CVE-2014-0410, CVE-2014-0403, CVE-2014-0387, CVE-2014-0376, CVE-2014-0375, CVE-2014-0373, CVE-2013-5910, CVE-2013-5907, CVE-2013-5904, CVE-2013-5902, CVE-2013-5899, CVE-2013-5898, CVE-2013-5896, CVE-2013-5893, CVE-2013-5889, CVE-2013-5888, CVE-2013-5887, CVE-2013-5884, CVE-2013-5878, CVE-2013-0408, CVE-2013-5851, CVE-2013-5850, CVE-2013-5849, CVE-2013-5848, CVE-2013-5843, CVE-2013-5842, CVE-2013-5840, CVE-2013-5838, CVE-2013-5832, CVE-2013-5831, CVE-2013-5830, CVE-2013-5829, CVE-2013-5825, CVE-2013-5824, CVE-2013-5823, CVE-2013-5820, CVE-2013-5819, CVE-2013-5818, CVE-2013-5817, CVE-2013-5814, CVE-2013-5812, CVE-2013-5809, CVE-2013-5806, CVE-2013-5805, CVE-2013-5804, CVE-2013-5803, CVE-2013-5802, CVE-2013-5801, CVE-2013-5800, CVE-2013-5797, CVE-2013-5790, CVE-2013-5789, CVE-2013-5788, CVE-2013-5787, CVE-2013-5784, CVE-2013-5783, CVE-2013-5782, CVE-2013-5780, CVE-2013-5778, CVE-2013-5776, CVE-2013-5774, CVE-2013-5772, CVE-2013-5458, CVE-2013-5457, CVE-2013-5456, CVE-2013-5375, CVE-2013-5372, CVE-2013-4041, CVE-2013-4002 and CVE-2013-3829

Affected product(s) and affected version(s):

Oracle Java Critical Patch Updates for October 2013 and January 2014

  • IBM Notes 9.0.1 and earlier
  • IBM Domino 9.0.1 Interim Fix 2 and earlier
  • IBM Notes and Domino 8.5.x
  • IBM Notes and Domino 8.0.x

IBM Notes and Domino Remote Execution Vulnerability* (CVE-2014-0892)
*Impacts Linux 32 platforms only

    • IBM Notes 9.0.1 and earlier
    • IBM Domino 9.0.1 Interim Fix 2 and earlier
    • IBM Notes and Domino 8.5.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21670264
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/91284

More stories

IBM Product Security Incident Response

Acknowledgement

May 20, 2020 9:00 am EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2020 Honggang Ren of Fortinet’s FortiGuard Labs Pawel Gocyla, (ING Tech Poland) Dries Eestermans, (nynox-dries)   Disclosures for 2019 Danang Tri Atmaja Jafar Abo ...read more


A new and advanced Rowhammer-based attack on DDR4 memory

Mar 11, 2020 8:59 am EDT

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required. IBM Power ...read more


XSA-304 and XSA-305 Security Vulnerabilities

Nov 13, 2019 12:30 pm EST

IBM is aware of reported Intel vulnerabilities, CVE-2018-12207 and CVE-2019-11135, which are addressed by Citrix in the XSA-304 and XSA-305 security advisories. The vulnerabilities potentially could enable a denial of service attack or allow unauthorized access to recent memory content. There are no known malicious exploits of these vulnerabilities, which potentially impact the hypervisor. IBM ...read more