CVE-2017-1130

MEDIUM

IBM Notes <9.0 - DoS

Title source: llm

Description

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Dhiraj Mishra · htmldosmultiple

https://www.exploit-db.com/exploits/42604

View Code ZIP pw:eip

metasploit WORKING POC

by Dhiraj Mishra · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/ibm_lotus_notes2.rb

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21999384

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100632

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/121371

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42604/

Scores

CVSS v3 6.5

EPSS 0.6548

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Status published

Products (19)

ibm/inotes 8.5.0.0

ibm/inotes 8.5.1.0

ibm/inotes 8.5.1.1

ibm/inotes 8.5.1.5

ibm/inotes 8.5.2.0

ibm/inotes 8.5.2.1

ibm/inotes 8.5.2.4

ibm/inotes 8.5.3.0

ibm/inotes 8.5.3.1

ibm/inotes 8.5.3.6

... and 9 more

Published Sep 05, 2017

Tracked Since Feb 18, 2026