In a bid to address this vulnerability IBM has made available ‘Interim fixes’ that disables these functions. Users, who know their way around the file system, can also go about manually changing Notes settings by setting the following variables in notes.ini file:
IBM has assigned a CVSS base score of 4.3 indicating that the vulnerability is not much of a problem. But, security researcher Alexander Klink of n.runs who discovered the vulnerability has an issue with IBM’s assessment. He is of the opinion that attackers will be able to take complete control of systems by exploiting this vulnerability. “Considering how widely Notes is used by businesses, it’s a very attractive target with a high risk potential.” he said.