Vulnerability Details : CVE-2014-0892
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.
Vulnerability category: Execute code, Information leak
Products affected by CVE-2014-0892
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:9.0.0.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.6:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:8.5.3.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_notes:9.0.1.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:8.5.3.6:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2014-0892
- 0.98%: Probability of exploitation activity in the next 30 days
- ~ 83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0892
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-0892
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0892
- http://www-01.ibm.com/support/docview.wss?uid=swg21670264
  IBM Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities (CVE-2014-0892 and Oracle Java Critical Patch Updates for Oct 2013, Jan 2014) (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/350089
  VU#350089 - IBM Notes and Domino on x86 Linux specify an executable stack (US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91286
  IBM WebSphere information disclosure CVE-2014-0891 Vulnerability Report