PatchSiren

CVE-2016-5884 IBM CVE debrief

CVE-2016-5884 is a cross-site scripting issue in IBM iNotes that can let an attacker embed arbitrary JavaScript in the Web UI. Because the code runs in a trusted session, the impact can include credential disclosure and other unauthorized actions in the context of the affected user. NVD lists this CVE as published on 2017-02-01 and modified on 2026-05-13.

Vendor: IBM
Product: CVE-2016-5884
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-01
Original CVE updated: 2026-05-13
Advisory published: 2017-02-01
Advisory updated: 2026-05-13

Who should care

IBM iNotes and IBM Domino administrators, especially teams running web-accessible mail or collaboration interfaces. Security teams should prioritize any deployment where users access the Web UI from untrusted networks or where browser sessions carry sensitive privileges.

Technical summary

NVD classifies the weakness as CWE-79 (cross-site scripting) with CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which indicates network reachability, no privileges required, and required user interaction. The NVD record lists affected IBM Domino and IBM iNotes versions from 8.5.1.0 through 9.0.1.6. The practical risk is that malicious script injected into the web interface can alter page behavior and act within the victim's authenticated session.

Defensive priority

Moderate. The combination of network exposure, no authentication requirement, and trusted-session impact makes this worth prompt remediation, especially for internet-facing deployments. The CVSS score is 6.1 (Medium).

Recommended defensive actions

  • Review IBM's vendor advisory and patch guidance linked from the NVD record and apply the recommended update for affected IBM iNotes/Domino releases.
  • Treat the issue as a web-session integrity risk: validate whether users can inject or persist untrusted content into the Web UI.
  • Prioritize remediation on externally reachable mail or collaboration portals and systems used by privileged users.
  • After patching, verify that browser-side protections and input handling in the affected Web UI are functioning as expected.
  • Monitor for suspicious session activity that could indicate script-based abuse of trusted user sessions.

Evidence notes

This debrief is based on the official NVD CVE record and linked vendor references. The NVD metadata identifies CWE-79 and CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The record lists vulnerable IBM Domino and IBM iNotes CPEs from 8.5.1.0 through 9.0.1.6, and references an IBM support advisory plus third-party advisories. The CVE was published in NVD on 2017-02-01 and later modified on 2026-05-13.

Official resources

Publicly disclosed in the official CVE/NVD record on 2017-02-01, with vendor advisory references included in NVD. The NVD record was later modified on 2026-05-13.