IBM Security Bulletin: IBM Client Application Privilege Escalation in IBM Notes Diagnostics service
An attacker who crafts a command line and sends it via the shared memory IPC can trick the service into executing an executable of the attacker's choosing. IBM plans to address this vulnerability by providing a fix.
CVE(s): CVE-2017-1720
Affected product(s) and affected version(s):
IBM Client Application Access 1.0.1
IBM Client Application Access 1.0.1.1
IBM Client Application Access 1.0.1.1 Interim Fix 1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22010766
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134807
The post IBM Security Bulletin: IBM Client Application Privilege Escalation in IBM Notes Diagnostics service appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2EhsX7D