A few days ago, IBM released the fourth Fix Pack for IBM Notes and Domino 9.0.1.
Important Notes
- 9.0.1 Fix Pack 4 updates the embedded Notes/Domino JVM to 1.6 SR16 FP4 to address security vulnerabilities.
- 9.0.1 Fix Pack 4 adds support for the following: Safari 8 for iNotes; SiteMinder 12.52 SP1
One day later, a Security Bulletin followed, stating that the "IBM Domino Web server configured for Webmail has a cross-site scripting vulnerability."
CVEID: CVE-2015-1981
Description: IBM Domino Web server
configured for Webmail is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input. A remote attacker could exploit
this vulnerability using a specially-crafted URL to execute script in a
victim's Web browser within the security context of the hosting Web site,
once the URL is clicked. An attacker could use this vulnerability to steal
the victim's cookie-based authentication credentials. Note that Domino
servers configured for iNotes are not vulnerable to this attack.
Further information:
- IBM Notes/Domino 9.0.1 Fix Pack 4 Release Notice
- Download IBM Notes 9.0.1 Fix Pack 4
- Download IBM Domino 9.0.1 Fix Pack 4
- Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)