CVE-2016-6087

CRITICAL

IBM Domino 8.5-9.0 - Credential Theft via TLS Key Exchange Validation

Title source: llm
STIX 2.1

Description

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038606
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98794
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22002808
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/117918

Scores

CVSS v3 9.8
EPSS 0.0194
EPSS Percentile 77.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (32)
ibm/domino 8.5.1.0
ibm/domino 8.5.1.1
ibm/domino 8.5.1.2
ibm/domino 8.5.1.3
ibm/domino 8.5.1.4
ibm/domino 8.5.1.5
ibm/domino 8.5.2.0
ibm/domino 8.5.2.1
ibm/domino 8.5.2.2
ibm/domino 8.5.2.3
... and 22 more
Published Jun 07, 2017
Tracked Since Feb 18, 2026