CVE-2016-0270

CWE-200 — Information Exposure5 documents4 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 32.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Client Application Access IBM Domino IBM Notes

Timeline

PublishedFeb 8

Latest updateMay 17

Description

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/notes9.0.1.3, 9.0.1.4, 9.0.1.5+2

▶NVDibm/domino9.0.1.3, 9.0.1.4, 9.0.1.5+2

▶NVDibm/client_application_access1.0.0.1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vxq9-8hgp-5mw5: IBM Domino 9↗2022-05-17

▶

CVEList

CVE-2016-0270: IBM Domino 9↗2017-02-08

▶

📋Vendor Advisories

Citrix

CVE-2016-0270: IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which make↗2017-02-08

▶

Citrix

CVE-2017-5933: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM↗2017-02-08

▶