Security Bulletin: For safer administration of IBM Domino server, use Domino Administrator client

IBM Domino Web Administrator (webadmin.nsf) has two cross-site scripting vulnerabilities and one cross-site request forgery of low CVSS score.  These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, use the Domino Administrator client or mitigations listed below.  Domino Web Administrator is deprecated.

IBM Domino Web Administrator (webadmin.nsf) has multiple cross-site scripting vulnerabilities of low CVSS score.  These vulnerabilities do not exist in the Domino Administrator client.  To prevent the potential for these attacks, migrate away from Domino Web Administrator.  Instead use the Domino Administrator client or the mitigations listed below.

Domino Web Administrator is being deprecated. No new functions will be added and IBM Support will not escalate issues reported.  Customers are advised to use the fully functional Domino Administrator client.


More information TN 1652988