
Revealed: High Severity HCL Notes 9 Security Issues


by Christoph Adler

Are You Affected?

There is no better year than 2021 to make your HCL Notes environment safer and more modernized.

When a security vulnerability gets a high 8.8 rating, you know it is time to act.

The recently identified security issue in old Notes 9.0.1 deployments is a wake-up call for customers to push forward with their Notes client upgrade planning.

Latest Security Issues for Notes 9

In 2020 HCL released Notes 9.0.1 FP10 IF8 (SHF463), fixing important vulnerabilities in Notes 9.0.1. Two of those fixes scored a high CVSS v3 severity of 8.8 (KB0085913 and KB0085883), which is very close to the critical level.

The issues are considered high severity because they allow an attacker to crash the Notes environment or inject malicious code into the system. The cause is a buffer overflow vulnerability in the HCL Notes client that is triggered by a specially formatted email.

An even older security issue with a 7.8 severity score was fixed in 9.0.1 FP10 IF1. The underlying reason was that IBM Notes NSD could allow an authenticated local user without administrator privileges to gain system privileges.

Whichever way you look at it, these are vulnerabilities that demand to be taken seriously.

The good news is that none of these issues apply to Notes 10.0.1 and 11.0.1.

What to Consider Now

  • Consider upgrading to at least Notes 9.0.1 FP7. Companies that have not installed Notes 10.0.1 or 11.0.1 yet often still run Notes 9.0.1 FP7, simply because all 9.0.1 updates after FP7 came with other issues. Please note that beginning with 9.0.1 FP8, fix packs have been renamed to feature packs. To ensure quality, these feature packs still have a high focus on addressing important defects.
  • To fix the vulnerability in your environment, we strongly advise you to upgrade to 11.0.1 FP2 – because Notes 11 will make all the difference. It looks better, runs better, and users like it better.
  • If you are thinking about upgrading to 9.0.1 FP10 IF8 now, just to make things a little bit easier, you may want to read these 7 Tips on How to Keep a Healthy, Stable and Up-to-Date Notes Domino Environment before you make your final decision.

Conclusion

The signs are everywhere, and they are all pointing in the same direction. It’s time to upgrade your HCL Notes clients to 11.0.1 FP2.

Luckily, there are easy ways to keep your Notes environment healthy, stable and up to date.
