Incomplete Fix for UNC Share Pathname Authentication Bypass in IBM Domino 8.5.x and 9.x

Incomplete Fix for UNC Share Pathname Authentication Bypass in IBM Domino 8.5.x and 9.x

CVE-2016-0304 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

Learn more about our Cis Benchmark Audit For Ibm I.