Vulnerability Details : CVE-2016-6087
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
Vulnerability category: Input validation
Products affected by CVE-2016-6087
- cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino:9.0.1.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6087
- 0.55%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6087
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-6087
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6087
- http://www.securitytracker.com/id/1038606
  IBM Domino TLS Server DH Parameter Validation Flaw Lets Remote Users Obtain Authentication Credentials - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/98794
  IBM Domino CVE-2016-6087 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/117918
  IBM Domino information disclosure CVE-2016-6087 Vulnerability Report (VDB Entry; Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=swg22002808
  IBM Security Bulletin: IBM Domino TLS server Diffie-Hellman key validation vulnerability (CVE-2016-6087) (Patch; Vendor Advisory)