Lotus notes

This hub aggregates every CVE we track for Lotus notes, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Enterprise Softwareon-premdesktop app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

CRITICAL35MEDIUM21HIGH12LOW3

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Lotus notes.

CVE-2013-0522The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified oper...7.0Jul 16, 2018
CVE-2014-3086Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by levera...7.5Aug 12, 2014
CVE-2014-0892IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by...5.0Apr 23, 2014
CVE-2012-6349Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.9.3Jul 18, 2013
CVE-2013-0536ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that ...7.2Jun 21, 2013
CVE-2013-2977Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to ...6.8May 10, 2013
CVE-2013-0127IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java ...5.8May 1, 2013
CVE-2013-0538Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRI...4.3May 1, 2013
CVE-2012-4820Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as us...9.3Jan 11, 2013
CVE-2012-4821Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and ear...9.3Jan 11, 2013
CVE-2012-4822Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and ear...9.3Jan 11, 2013
CVE-2012-4823Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as us...9.3Jan 11, 2013
CVE-2012-4846IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensi...4.3Dec 19, 2012
CVE-2010-5251Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working director...6.9Sep 7, 2012
CVE-2012-2174The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.9.3Jun 20, 2012

Product normalization is registry-driven with AI assist and human review. How it works