Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

Published

2017-02-08T16:59:00.133

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	client_application_access	1.0.0.1	Yes
Application	ibm	domino	9.0.1.3	Yes
Application	ibm	domino	9.0.1.4	Yes
Application	ibm	domino	9.0.1.5	Yes
Application	ibm	notes	9.0.1.3	Yes
Application	ibm	notes	9.0.1.4	Yes
Application	ibm	notes	9.0.1.5	Yes

References

http://www-01.ibm.com/support/docview.wss?uid=swg21979604 Mitigation, Patch, Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21979669 Mitigation, Patch, Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21979673 Mitigation, Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/96062 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037795 ([email protected])
https://github.com/nonce-disrespect/nonce-disrespect Third Party Advisory ([email protected])
https://support.citrix.com/article/CTX220329 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21979604 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21979669 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21979673 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96062 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037795 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nonce-disrespect/nonce-disrespect Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.citrix.com/article/CTX220329 (af854a3a-2127-422b-91ae-364da2661108)