Vulnerability in Ibm Lotus_notes

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To fu…

EPSS: 0.011 (78.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes — versions 8.0, 8.0.0, 8.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20130501 n.runs-SA-2013.005 - IBM Lotus Notes - arbitrary code execution (mailing-list, x_refsource_FULLDISC)
VU#912420 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
ibm-notes-applet-tags(83775) (vdb-entry, x_refsource_XF)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)