CVE-2016-0304

Severity
8.1 HIGH
EPSS
1.1%
top 21.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 29
Latest update: May 13

Description

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 | Impact: 5.9

Affected Packages: 1 package

NVD: ibm/domino, 25 versions (+24)

Vulnerability Details

2
GHSA
GHSA-3gxc-gprv-rpqq: The Java Console in IBM Domino 8 (2022-05-13)
CVEList
CVE-2016-0304: The Java Console in IBM Domino 8 (2016-06-29)