Summary
This host has IBM Lotus Notes installed and is prone to an HTML injection vulnerability.
Impact
Successful exploitation will allow attackers to steal cookie-based authentication credentials.
Impact Level: Application
Solution
The vendor has released a patch to fix the issue; refer to the link below for patch details:
http://www-01.ibm.com/support/docview.wss?uid=swg21403834
Insight
The flaw is due to an error in the RSS reader widget, caused when items are saved from an RSS feed as local HTML documents. This can be exploited via a crafted feed.
Affected
IBM Lotus Notes Version 8.5 on Windows.
References
Severity
Classification
- CVE: CVE-2009-3114
- CVSS Base Score: 7.5
- CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P