IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability (Linux) Network Vulnerability

Summary

This host has IBM Lotus Notes installed and is prone to HTML Injection vulnerability.

Impact

Successful exploitation will allow attackers to inject HTML based code. Impact Level: Application

Solution

Vendor has released a patch to fix the issue, refer below link for patch details. http://www-01.ibm.com/support/docview.wss?uid=swg21403834

Insight

The flaw is due to error in the RSS reader widget, caused when items are saved from an RSS feed as local HTML documents. This can be exploited via a crafted feed.

Affected

IBM Lotus Notes Version 8.5 on Linux.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21403834
http://www.scip.ch/?vuldb.4021
http://www.securityfocus.com/archive/1/archive/1/506296/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3114

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)

Take action and discover your vulnerabilities