Is the security of the Notes/Domino Java implementation questionable? (security vulnerability in the Notes/Domino Java API)

Thu, 07 Dec 2006 11:14:47 GMT

During some security research into the Notes/Domino Java API I stumbled upon what I cannot judge to be anything but a major flaw in the Java implementation of Notes/Domino. The flaw allows me to circumvent the restricted/unrestricted operations security model for agents as well as all security measures put in place by the SecurityManager installed by IBM. The research was done on Notes/Domino 7.0.1 but I cannot see why it shouldn't be applicable to prior releases. I have been working with the IBM Security Response Team to assess the implications and technote #1248025 (SPR# KLYH6NSJD2) has the official IBM response.

Security threats of syndicated content

Mon, 07 Aug 2006 09:01:02 GMT

I guess it had to happen or will happen at some point that RSS is used as the vector to exploit some kind of security vulnerability.

lekkimworld.comvulnerability

Is the security of the Notes/Domino Java implementation questionable? (security vulnerability in the Notes/Domino Java API)

Security threats of syndicated content