CVE-2017-1711

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 56.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Client Application Access IBM Notes

Timeline

PublishedFeb 13

Latest updateMay 14

Description

IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ibm/notes5 versions+4

▶NVDibm/notes6 versions+5

▶CVEListV5ibm/client_application_access1.0.0.1, 1.0.1.1, 1.0.1.2+2

▶NVDibm/client_application_access1.0.1.0, 1.0.1.1, 1.0.1.2+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8pc4-5c4p-m4rm: IBM iNotes 8↗2022-05-14

▶

CVEList

CVE-2017-1711: IBM iNotes 8↗2018-02-13

▶