2 matches found
CVE-2013-0127
The CVE-2013-0127 entry applies to IBM Notes (Lotus Notes) 8.x prior to 8.5.3 FP4 Interim Fix 1 and 9.0 prior to Interim Fix 1, where HTML emails could contain APPLET elements that are not blocked. The underlying issue allows remote attackers to bypass Java execution restrictions and X-Confirm-Re...
IBM Notes runs arbitrary JAVA and Javascript in emails
Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states:Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...