CVE-2018-1409

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.

Published: Feb 19, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1409
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / notes	9.0	9.0.x
ibm / notes	8.5.3.6	8.5.3.6.x
ibm / notes	8.5.1.5	8.5.1.5.x
ibm / notes	8.5.2.4	8.5.2.4.x
ibm / notes	9.0.1.9	9.0.1.9.x
ibm / client_application_access	1.0.0.1	1.0.0.1.x
ibm / client_application_access	1.0.1.2	1.0.1.2.x
ibm / client_application_access	1.0.1	1.0.1.x

http://www.ibm.com/support/docview.wss?uid=swg22010766
http://www.ibm.com/support/docview.wss?uid=swg22010767
https://exchange.xforce.ibmcloud.com/vulnerabilities/138708

Vulnerability Database

289,871

CVE-2018-1409