Vulnerabilites related to hcltech - domino
cve-2022-27546
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 03:39
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 9, 10, 11, 12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:18:00.000Z",
"ID": "CVE-2022-27546",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27546",
"datePublished": "2022-08-29T16:00:24.786067Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T03:39:06.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4128
Vulnerability from cvelistv5
Published
2020-12-01 13:12
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085408 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Domino |
Version: v9 Version: v10 Version: v11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Lockout policy bypass \"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T13:12:37",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Lockout policy bypass \""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4128",
"datePublished": "2020-12-01T13:12:37",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14260
Vulnerability from cvelistv5
Published
2020-12-02 00:58
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085500 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Domino |
Version: v9 Version: v10 Version: v11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Buffer Overflow\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T00:58:57",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Buffer Overflow\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14260",
"datePublished": "2020-12-02T00:58:57",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-44752
Vulnerability from cvelistv5
Published
2022-12-17 03:27
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Domino |
Version: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2022-12-17T02:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684130Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44752",
"datePublished": "2022-12-17T03:27:16.768Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2024-08-03T14:01:31.262Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14270
Vulnerability from cvelistv5
Published
2020-12-22 20:06
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085881 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Domino |
Version: v9, v10, v11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T20:06:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v9, v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14270",
"datePublished": "2020-12-22T20:06:31",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27547
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100212 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 9, 10, 11, 12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:28",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a link to non-existent domain vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T19:18:00.000Z",
"ID": "CVE-2022-27547",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a link to non-existent domain vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27547",
"datePublished": "2022-08-29T16:00:28.303270Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T02:01:17.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23562
Vulnerability from cvelistv5
Published
2024-07-08 15:57
Modified
2024-10-23 22:25
Severity ?
EPSS score ?
Summary
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Domino Server |
Version: 11, 12, 14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:domino:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "domino",
"vendor": "hcltech",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:16:51.297260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:58:27.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Domino Server",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "11, 12, 14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christopher O\u2019Boyle \u2013 Black Duck Cybersecurity Research Center (CyRC) Researcher"
}
],
"datePublic": "2024-10-23T21:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."
}
],
"value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T22:25:56.279Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116923"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-23562",
"datePublished": "2024-07-08T15:57:08.805Z",
"dateReserved": "2024-01-18T07:29:56.728Z",
"dateUpdated": "2024-10-23T22:25:56.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23586
Vulnerability from cvelistv5
Published
2024-09-27 21:20
Modified
2024-10-04 13:56
Severity ?
EPSS score ?
Summary
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Nomad server on Domino |
Version: <1.0.13 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nomad_server_on_domino",
"vendor": "hcltech",
"versions": [
{
"lessThan": "1.0.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:53:43.919681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:56:37.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nomad server on Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c1.0.13"
}
]
}
],
"datePublic": "2024-09-27T21:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u0026nbsp; Under certain circumstances, an unauthenticated attacker could obtain old session information. \u0026nbsp;"
}
],
"value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u00a0 Under certain circumstances, an unauthenticated attacker could obtain old session information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T21:20:29.383Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115264"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An insufficient session timeout vulnerability affects HCL Nomad server on Domino",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-23586",
"datePublished": "2024-09-27T21:20:29.383Z",
"dateReserved": "2024-01-18T07:30:10.662Z",
"dateUpdated": "2024-10-04T13:56:37.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-44750
Vulnerability from cvelistv5
Published
2022-12-17 03:24
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Domino |
Version: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2022-12-17T02:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. \u0026nbsp;This\u0026nbsp;vulnerability\u0026nbsp;applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. \u00a0This\u00a0vulnerability\u00a0applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684130Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44750",
"datePublished": "2022-12-17T03:24:14.670Z",
"dateReserved": "2022-11-04T21:08:23.514Z",
"dateUpdated": "2024-08-03T14:01:31.308Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38660
Vulnerability from cvelistv5
Published
2022-11-04 19:57
Modified
2024-08-03 11:02
Severity ?
EPSS score ?
Summary
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Domino |
Version: v9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"XPages"
],
"product": "HCL Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "v9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. \u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T19:57:02.979Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-38660",
"datePublished": "2022-11-04T19:57:02.979Z",
"dateReserved": "2022-08-22T16:31:27.395Z",
"dateUpdated": "2024-08-03T11:02:14.565Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1712
Vulnerability from cvelistv5
Published
2020-07-01 13:47
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | "HCL Domino" |
Version: "HCL Domino server releases prior to 9.0.1 Fixpack 10. Versions 10 and later are not impacted." |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:31.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"HCL Domino\"",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\"HCL Domino server releases prior to 9.0.1 Fixpack 10. Versions 10 and later are not impacted.\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher\u0027s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Return of Bleichenbacher\u0027s Oracle Threat (ROBOT)\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T13:47:50",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2017-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"HCL Domino\"",
"version": {
"version_data": [
{
"version_value": "\"HCL Domino server releases prior to 9.0.1 Fixpack 10. Versions 10 and later are not impacted.\""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher\u0027s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Return of Bleichenbacher\u0027s Oracle Threat (ROBOT)\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2017-1712",
"datePublished": "2020-07-01T13:47:50",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:39:31.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14244
Vulnerability from cvelistv5
Published
2020-12-14 15:39
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085761 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Domino |
Version: v9, v10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T15:39:08",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v9, v10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14244",
"datePublished": "2020-12-14T15:39:08",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4107
Vulnerability from cvelistv5
Published
2022-05-19 21:25
Modified
2024-09-16 21:03
Severity ?
EPSS score ?
Summary
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Domino |
Version: 9, 10 and 11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10 and 11"
}
]
}
],
"datePublic": "2021-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T21:25:10",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is affected by an Insufficient Access Control vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090343"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2021-05-11T00:00:00.000Z",
"ID": "CVE-2020-4107",
"STATE": "PUBLIC",
"TITLE": "HCL Domino is affected by an Insufficient Access Control vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "9, 10 and 11"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090343"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4107",
"datePublished": "2022-05-19T21:25:10.514010Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T21:03:04.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14230
Vulnerability from cvelistv5
Published
2020-11-21 17:27
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL | HCL Domino |
Version: versions previous to releases 9.0.1 FP10 IF6 Version: 10.0.1 FP5 Version: 11.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"status": "affected",
"version": "10.0.1 FP5"
},
{
"status": "affected",
"version": "11.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Denial of Service\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-21T17:27:03",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5"
},
{
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "HCL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Denial of Service\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14230",
"datePublished": "2020-11-21T17:27:03",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38654
Vulnerability from cvelistv5
Published
2022-11-04 20:19
Modified
2024-08-03 11:02
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Domino |
Version: 9, 10, 11, 12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-10-14T20:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user\u0027s person record.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user\u0027s person record.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T20:19:37.257Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101017"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-38654",
"datePublished": "2022-11-04T20:19:37.257Z",
"dateReserved": "2022-08-22T16:31:27.394Z",
"dateUpdated": "2024-08-03T11:02:14.520Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14234
Vulnerability from cvelistv5
Published
2020-11-21 17:05
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL | HCL Domino |
Version: versions previous to release 9.0.1 FP10 IF6 Version: release 10.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "versions previous to release 9.0.1 FP10 IF6"
},
{
"status": "affected",
"version": "release 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Denial of Service \"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-21T17:05:15",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "versions previous to release 9.0.1 FP10 IF6"
},
{
"version_value": "release 10.0.1"
}
]
}
}
]
},
"vendor_name": "HCL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Denial of Service \""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14234",
"datePublished": "2020-11-21T17:05:15",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37539
Vulnerability from cvelistv5
Published
2024-06-06 22:43
Modified
2024-08-02 17:16
Severity ?
EPSS score ?
Summary
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Domino Server |
Version: 11, 12, 14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "domino",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "domino",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "domino",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T19:44:09.779815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:48:34.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Domino Server",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "11, 12, 14"
}
]
}
],
"datePublic": "2024-06-06T22:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. \u0026nbsp;\u003cbr\u003e"
}
],
"value": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T22:43:59.255Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113715"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37539",
"datePublished": "2024-06-06T22:43:59.255Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2024-08-02T17:16:30.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27558
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 01:12
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100217 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 12.0.1, 12.0.1FP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "12.0.1, 12.0.1FP1"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:45:00.000Z",
"ID": "CVE-2022-27558",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "12.0.1, 12.0.1FP1"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27558",
"datePublished": "2022-08-29T16:00:31.939445Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T01:12:04.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28010
Vulnerability from cvelistv5
Published
2023-09-08 17:36
Modified
2024-09-26 15:42
Severity ?
EPSS score ?
Summary
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Domino Server |
Version: 12.0.2, 12.0.2FP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107388"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T15:42:05.271999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:42:58.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Server",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "12.0.2, 12.0.2FP1"
}
]
}
],
"datePublic": "2023-09-08T17:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T17:36:51.368Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107388"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to a sensitive information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-28010",
"datePublished": "2023-09-08T17:36:51.368Z",
"dateReserved": "2023-03-10T03:50:27.022Z",
"dateUpdated": "2024-09-26T15:42:58.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4080
Vulnerability from cvelistv5
Published
2020-12-18 21:14
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Verse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T21:14:48",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Verse",
"version": {
"version_data": [
{
"version_value": "v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4080",
"datePublished": "2020-12-18T21:14:49",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14273
Vulnerability from cvelistv5
Published
2020-12-28 19:06
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Domino |
Version: v10, v11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Domino",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T21:49:09",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14273",
"datePublished": "2020-12-28T19:06:36",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-44754
Vulnerability from cvelistv5
Published
2022-12-17 03:33
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Domino |
Version: 9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Domino",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2022-12-17T02:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684130Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44754",
"datePublished": "2022-12-17T03:33:30.577Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2024-08-03T14:01:31.435Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-12-19 11:15
Modified
2024-11-21 07:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 9.0 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A73B2674-F58B-46AB-94E6-5B83886C25A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. \u00a0This\u00a0vulnerability\u00a0applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44754. Esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44750",
"lastModified": "2024-11-21T07:28:25.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:10.807",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-08 16:15
Modified
2024-11-21 08:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CA3E60-DC49-4AF6-91D2-507FDE6E0F19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de seguridad en HCL Domino podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n de configuraci\u00f3n confidencial. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n y lanzar m\u00e1s ataques contra el sistema afectado."
}
],
"id": "CVE-2024-23562",
"lastModified": "2024-11-21T08:57:56.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-08T16:15:07.797",
"references": [
{
"source": "psirt@hcl.com",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113822"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-21 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA96995E-99EC-4260-A329-B4137AFBEB6B",
"versionEndExcluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB117EF-6AE5-4323-9ACF-01DE2C92182D",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected."
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de Denegaci\u00f3n de Servicio debido a una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario, d\u00e1ndole potencialmente al atacante la capacidad de bloquear el servidor.\u0026#xa0;Versiones anteriores a versi\u00f3n 9.0.1 FP10 IF6 y versi\u00f3n 10.0.1 est\u00e1n afectadas"
}
],
"id": "CVE-2020-14234",
"lastModified": "2024-11-21T05:02:54.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-21T18:15:11.680",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-28 20:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947 | Exploit, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "64D65B08-CAB2-4FC5-9261-4303EF796BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "1372BC40-9A42-4B0B-B3A2-D6F0CCAB276A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9052FD0-5E72-44A8-A875-851730C042D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "BBECA6FB-AA3D-4275-BE76-7E0CA3731C25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server."
},
{
"lang": "es",
"value": "HCL Domino es susceptible de una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a la insuficiente validaci\u00f3n de la entrada a su API p\u00fablica. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para bloquear el servidor Domino"
}
],
"id": "CVE-2020-14273",
"lastModified": "2024-11-21T05:02:55.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-28T20:15:12.383",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-01 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085408 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085408 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E912DDC2-BF25-4D5D-B1AF-86742A4137B1",
"versionEndIncluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAF258F-BF11-4A8D-9211-BA6E79682BCA",
"versionEndIncluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A5C76D-53EC-49BA-A956-F2CF54F83661",
"versionEndIncluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "64D65B08-CAB2-4FC5-9261-4303EF796BCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service."
},
{
"lang": "es",
"value": "HCL Domino, es susceptible a una vulnerabilidad de omisi\u00f3n de pol\u00edticas de bloqueo en el servicio ID Vault.\u0026#xa0;Un atacante no autenticado podr\u00eda usar esta vulnerabilidad para montar un ataque de fuerza bruta contra el servicio ID Vault"
}
],
"id": "CVE-2020-4128",
"lastModified": "2024-11-21T05:32:18.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T14:15:11.770",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-22 21:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085881 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085881 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F0C433-00B2-40DD-9D57-99DD1D894A3E",
"versionEndIncluding": "10.0.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "64D65B08-CAB2-4FC5-9261-4303EF796BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9052FD0-5E72-44A8-A875-851730C042D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server."
},
{
"lang": "es",
"value": "HCL Domino versiones v9, v10, v11 es susceptible a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en XPages debido al manejo inapropiado de errores de la entrada del usuario.\u0026#xa0;Un atacante no autenticado podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sobre el software XPages que se ejecuta en el servidor Domino"
}
],
"id": "CVE-2020-14270",
"lastModified": "2024-11-21T05:02:55.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-22T21:15:12.617",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de una vulnerabilidad de enlace a un dominio no existente. Un atacante podr\u00eda usar esta vulnerabilidad para enga\u00f1ar a un usuario para que proporcione informaci\u00f3n confidencial como el nombre de usuario, la contrase\u00f1a, el n\u00famero de tarjeta de cr\u00e9dito, etc"
}
],
"id": "CVE-2022-27547",
"lastModified": "2024-11-21T06:55:56.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.507",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-19 22:15
Modified
2024-11-21 05:32
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
},
{
"lang": "es",
"value": "HCL Domino est\u00e1 afectado por una vulnerabilidad de Control de Acceso Insuficiente. Un atacante autenticado con acceso local al sistema podr\u00eda explotar esta vulnerabilidad para conseguir una escalada de privilegios, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-4107",
"lastModified": "2024-11-21T05:32:17.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-19T22:15:07.943",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-27 22:15
Modified
2024-10-07 15:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115264 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_nomad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "450AD83B-7471-452D-83A5-0808ECDCE637",
"versionEndExcluding": "1.0.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9381F48B-95F1-4759-A020-196184455E4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u00a0 Under certain circumstances, an unauthenticated attacker could obtain old session information."
},
{
"lang": "es",
"value": "HCL Nomad es susceptible a una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente. En determinadas circunstancias, un atacante no autenticado podr\u00eda obtener informaci\u00f3n de sesiones antiguas."
}
],
"id": "CVE-2024-23586",
"lastModified": "2024-10-07T15:30:56.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-27T22:15:12.930",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115264"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 11:15
Modified
2024-11-21 07:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 9.0 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A73B2674-F58B-46AB-94E6-5B83886C25A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de desbordamiento del b\u00fafer basada en pila en wp6sr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo WordPerfect manipulado. Esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44752",
"lastModified": "2024-11-21T07:28:25.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:10.950",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-04 20:15
Modified
2024-11-21 07:16
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA96995E-99EC-4260-A329-B4137AFBEB6B",
"versionEndExcluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. \u00a0\n"
},
{
"lang": "es",
"value": "Las aplicaciones HCL XPages son susceptibles a una vulnerabilidad de Cross-Site Request Forgery (CSRF). Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para realizar acciones en la aplicaci\u00f3n en nombre del usuario que inici\u00f3 sesi\u00f3n."
}
],
"id": "CVE-2022-38660",
"lastModified": "2024-11-21T07:16:53.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-04T20:15:10.363",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101037"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-08 18:15
Modified
2024-11-21 07:53
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "3A649E2D-D7E4-4B7A-B7FB-E2107D7D5FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.2:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "9AE31C27-2C37-4E04-9781-C5296667AF7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.\n"
},
{
"lang": "es",
"value": "En algunos escenarios de configuraci\u00f3n, el nombre de host del servidor de Domino puede estar expuesto. Esta informaci\u00f3n podr\u00eda usarse para dirigir futuros ataques."
}
],
"id": "CVE-2023-28010",
"lastModified": "2024-11-21T07:53:55.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-08T18:15:07.520",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107388"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 11:15
Modified
2024-11-21 07:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 9.0 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A73B2674-F58B-46AB-94E6-5B83886C25A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44750. A esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44754",
"lastModified": "2024-11-21T07:28:26.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:11.070",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102151"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-04 21:15
Modified
2024-11-21 07:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 10.0.0 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 11.0.1 | |
| hcltech | domino | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B73514B-7CA9-4783-9212-84465482A496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user\u0027s person record.\n"
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. En algunos escenarios, las llamadas locales realizadas en el servidor para buscar en el directorio Domino ignorar\u00e1n las restricciones de lectura de xACL. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para acceder a los atributos del registro personal de un usuario."
}
],
"id": "CVE-2022-38654",
"lastModified": "2024-11-21T07:16:52.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-04T21:15:10.710",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0101017"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-21 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | * | |
| hcltech | domino | * | |
| hcltech | domino | * | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 9.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 | |
| hcltech | domino | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA96995E-99EC-4260-A329-B4137AFBEB6B",
"versionEndExcluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB117EF-6AE5-4323-9ACF-01DE2C92182D",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31C2D72-DD61-4772-8D9D-CE239FBDE6CF",
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "64D65B08-CAB2-4FC5-9261-4303EF796BCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected."
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de Denegaci\u00f3n de Servicio causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad mediante un mensaje de correo electr\u00f3nico especialmente dise\u00f1ado para bloquear el servidor.\u0026#xa0;Las versiones anteriores a las versiones 9.0.1 FP10 IF6, 10.0.1 FP5 y 11.0.1 est\u00e1n afectadas"
}
],
"id": "CVE-2020-14230",
"lastModified": "2024-11-21T05:02:53.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-21T18:15:11.620",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-14 16:15
Modified
2024-11-21 05:02
Severity ?
Summary
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085761 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085761 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5960E4-0432-453F-AC71-056BB3FE5306",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de mensajes MIME del servidor Domino (versiones 9 y 10) podr\u00eda potencialmente ser explotada por un atacante no autenticado, resultando en un desbordamiento del b\u00fafer de pila.\u0026#xa0;Esto podr\u00eda permitir a un atacante remoto bloquear el servidor o inyectar c\u00f3digo en el sistema que se ejecutar\u00eda con los privilegios del servidor."
}
],
"id": "CVE-2020-14244",
"lastModified": "2024-11-21T05:02:54.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-14T16:15:11.793",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-01 14:15
Modified
2024-11-21 03:22
Severity ?
Summary
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA96995E-99EC-4260-A329-B4137AFBEB6B",
"versionEndExcluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher\u0027s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.\""
},
{
"lang": "es",
"value": "\"Una vulnerabilidad en la implementaci\u00f3n del protocolo TLS del servidor Domino podr\u00eda permitir a un atacante remoto no autenticado acceder a informaci\u00f3n confidencial, tambi\u00e9n se conoce como un ataque de tipo Oracle Threat (ROBOT) de Return of Bleichenbacher. Un atacante podr\u00eda consultar iterativamente un servidor que ejecuta una implementaci\u00f3n de pila TLS vulnerable para llevar a cabo operaciones criptoanal\u00edticas que pueden permitir un descifrado de sesiones TLS capturadas previamente\""
}
],
"id": "CVE-2017-1712",
"lastModified": "2024-11-21T03:22:15.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-01T14:15:14.027",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-02 01:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E912DDC2-BF25-4D5D-B1AF-86742A4137B1",
"versionEndIncluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAF258F-BF11-4A8D-9211-BA6E79682BCA",
"versionEndIncluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A5C76D-53EC-49BA-A956-F2CF54F83661",
"versionEndIncluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system."
},
{
"lang": "es",
"value": "HCL Domino es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en DXL debido a una comprobaci\u00f3n inapropiada de la entrada de usuario.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante bloquear Domino o ejecutar c\u00f3digo controlado por un atacante en el sistema del servidor"
}
],
"id": "CVE-2020-14260",
"lastModified": "2024-11-21T05:02:55.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-02T01:15:12.030",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-06 23:15
Modified
2024-11-21 08:11
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CA3E60-DC49-4AF6-91D2-507FDE6E0F19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it."
},
{
"lang": "es",
"value": "The Domino Catalog template es susceptible a una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Un atacante con la capacidad de editar documentos en la aplicaci\u00f3n/base de datos del cat\u00e1logo creada a partir de esta plantilla puede incrustar un ataque de Cross-site Scripting. El ataque se activar\u00eda si un usuario final hiciera clic en \u00e9l."
}
],
"id": "CVE-2023-37539",
"lastModified": "2024-11-21T08:11:53.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-06T23:15:48.720",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113715"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-18 22:15
Modified
2024-11-21 05:32
Severity ?
Summary
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B73514B-7CA9-4783-9212-84465482A496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "10824FE5-1BCB-422A-8EFD-AE170C78FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "985D72C3-3149-4DC1-85FA-C681CF779050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "8688C462-C24D-4E68-B2A1-488E20396DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "64D65B08-CAB2-4FC5-9261-4303EF796BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "1372BC40-9A42-4B0B-B3A2-D6F0CCAB276A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "BBECA6FB-AA3D-4275-BE76-7E0CA3731C25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL Verse versiones v10 y v11, es susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado debido a un manejo inapropiado del contenido del mensaje.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad usando un marcado especialmente dise\u00f1ado para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio Web hosteado y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2020-4080",
"lastModified": "2024-11-21T05:32:16.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T22:15:12.590",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 12.0.1 | |
| hcltech | domino | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de comprobaci\u00f3n de solidez de la contrase\u00f1a. Las pol\u00edticas de contrase\u00f1as personalizadas no son aplican en determinados formularios de iNotes, lo que podr\u00eda permitir a usuarios establecer contrase\u00f1as d\u00e9biles, conllevando a una mayor facilidad de cracking"
}
],
"id": "CVE-2022-27558",
"lastModified": "2024-11-21T06:55:57.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.573",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario con una petici\u00f3n de formulario POST. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web anfitri\u00f3n y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2022-27546",
"lastModified": "2024-11-21T06:55:56.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.443",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202012-0059
Vulnerability from variot
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. Domino server Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"cve": "CVE-2020-14244",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14244",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14244",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14244",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14244",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-14244",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1028",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. Domino server Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14244",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014609",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"id": "VAR-202012-0059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:20:59.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085761",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085761"
},
{
"title": "IBM Domino Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137451"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085761"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14244"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-buffer-overflow-via-mime-message-34125"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"date": "2020-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"date": "2020-12-14T16:15:11.793000",
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T05:46:00",
"db": "JVNDB",
"id": "JVNDB-2020-014609"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1028"
},
{
"date": "2024-11-21T05:02:54.453000",
"db": "NVD",
"id": "CVE-2020-14244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Domino\u00a0server\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014609"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1028"
}
],
"trust": 0.6
}
}
var-202011-0097
Vulnerability from variot
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. HCL Domino is a server of collaborative client-server software platform. The vulnerability stems from improper validation of input provided by the user. Attackers can use this vulnerability to cause the server to crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1 fp10 if6"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10.0.1"
},
{
"model": "domino fp10 if6",
"scope": "lt",
"trust": 0.6,
"vendor": "hcl",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "lt",
"trust": 0.6,
"vendor": "hcl",
"version": "10.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"cve": "CVE-2020-14234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14234",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-66308",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14234",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14234",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14234",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14234",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-66308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1759",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. HCL Domino is a server of collaborative client-server software platform. The vulnerability stems from improper validation of input provided by the user. Attackers can use this vulnerability to cause the server to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNVD",
"id": "CNVD-2020-66308"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14234",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-66308",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"id": "VAR-202011-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
}
]
},
"last_update_date": "2024-11-23T21:35:09.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085302",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085302\u0026sys_kb_id=6477fa8adbaca854a45ad9fcd39619ed"
},
{
"title": "Patch for HCL Domino Denial of Service Vulnerability (CNVD-2020-66308)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241153"
},
{
"title": "HCL Technologies Domino Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135529"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14234"
},
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085302"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-denial-of-service-via-email-message-33947"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"date": "2021-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"date": "2020-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"date": "2020-11-21T18:15:11.680000",
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-66308"
},
{
"date": "2021-07-09T06:23:00",
"db": "JVNDB",
"id": "JVNDB-2020-013660"
},
{
"date": "2020-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1759"
},
{
"date": "2024-11-21T05:02:54.227000",
"db": "NVD",
"id": "CVE-2020-14234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1759"
}
],
"trust": 0.6
}
}
var-202407-0353
Vulnerability from variot
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "14.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "12.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "14.0"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"cve": "CVE-2024-23562",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-23562",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-23562",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-23562",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-23562",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2024-23562",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-23562",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-23562"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-23562",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004128",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"id": "VAR-202407-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-10-24T22:58:04.881000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=kb0116923"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-23562"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"date": "2024-07-08T16:15:07.797000",
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-12T00:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-004128"
},
{
"date": "2024-10-23T23:15:12.397000",
"db": "NVD",
"id": "CVE-2024-23562"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004128"
}
],
"trust": 0.8
}
}
var-202212-1842
Vulnerability from variot
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1842",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"cve": "CVE-2022-44754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-44754",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-44754",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-44754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-44754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-44754",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-44754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3507",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u00a0This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-44754"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "VULMON",
"id": "CVE-2022-44754"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-44754",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3507",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-44754",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44754"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"id": "VAR-202212-1842",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:30:49.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Domino Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220092"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0102151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44754"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-44754/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ibm-domino-multiple-vulnerabilities-via-micro-focus-keyview-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44754"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-44754"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44754"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"date": "2022-12-19T11:15:11.070000",
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44754"
},
{
"date": "2023-11-30T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2022-023775"
},
{
"date": "2023-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3507"
},
{
"date": "2023-11-07T03:54:27.710000",
"db": "NVD",
"id": "CVE-2022-44754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3507"
}
],
"trust": 0.6
}
}
var-202012-1528
Vulnerability from variot
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"cve": "CVE-2020-14273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14273",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14273",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14273",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14273",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1648",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14273"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14273",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"id": "VAR-202012-1528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:37:10.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085947",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085947"
},
{
"title": "HCL Domino Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138244"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085947"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14273"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-denial-of-service-via-public-api-34219"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"date": "2020-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"date": "2020-12-28T20:15:12.383000",
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-06T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2020-014934"
},
{
"date": "2021-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1648"
},
{
"date": "2024-11-21T05:02:55.987000",
"db": "NVD",
"id": "CVE-2020-14273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014934"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1648"
}
],
"trust": 0.6
}
}
var-202208-1912
Vulnerability from variot
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. HCL Technologies Limited of HCL iNotes and Domino server Exists in an open redirect vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1912",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "inotes",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"cve": "CVE-2022-27547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-27547",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2022-27547",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-27547",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-27547",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-27547",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4029",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. HCL Technologies Limited of HCL iNotes and Domino server Exists in an open redirect vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27547"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27547",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016005",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4029",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"id": "VAR-202208-1912",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:37:27.702000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.0
},
{
"problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0100212"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27547"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-inotes-information-disclosure-via-non-existent-domain-link-39118"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27547/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"date": "2022-08-29T16:15:08.507000",
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-016005"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4029"
},
{
"date": "2022-09-01T20:54:00.237000",
"db": "NVD",
"id": "CVE-2022-27547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0HCL\u00a0iNotes\u00a0 and \u00a0Domino\u00a0server\u00a0 Open redirect vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016005"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4029"
}
],
"trust": 0.6
}
}
var-202208-1939
Vulnerability from variot
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. HCL Technologies Limited of Domino server and HCL iNotes contains a weak password requirement vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "inotes",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"cve": "CVE-2022-27558",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-27558",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-27558",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-27558",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27558",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-27558",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-27558",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4034",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. HCL Technologies Limited of Domino server and HCL iNotes contains a weak password requirement vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27558"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27558",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4034",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"id": "VAR-202208-1939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:21:38.889000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0100217"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27558"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-inotes-user-access-via-password-strength-checks-39119"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27558/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"date": "2022-08-29T16:15:08.573000",
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-016004"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4034"
},
{
"date": "2022-09-01T20:54:28.977000",
"db": "NVD",
"id": "CVE-2022-27558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 and \u00a0HCL\u00a0iNotes\u00a0 Vulnerability in requesting weak passwords in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4034"
}
],
"trust": 0.6
}
}
var-202406-2715
Vulnerability from variot
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. HCL Technologies Limited of Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-2715",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "14.0"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "12.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "14.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"cve": "CVE-2023-37539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2023-37539",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.7,
"id": "CVE-2023-37539",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-37539",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37539",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2023-37539",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37539",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. HCL Technologies Limited of Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37539"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37539",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026398",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"id": "VAR-202406-2715",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:19:10.520000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0113715"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37539"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"date": "2024-06-06T23:15:48.720000",
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-19T09:16:00",
"db": "JVNDB",
"id": "JVNDB-2023-026398"
},
{
"date": "2024-08-01T13:44:11.527000",
"db": "NVD",
"id": "CVE-2023-37539"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026398"
}
],
"trust": 0.8
}
}
var-202012-0062
Vulnerability from variot
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. HCL Domino Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.0"
},
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"cve": "CVE-2020-14260",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14260",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14260",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14260",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14260",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-14260",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-031",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. HCL Domino Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14260",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013945",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"id": "VAR-202012-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T23:01:11.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085500",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085500"
},
{
"title": "HCL Domino Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135906"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085500"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14260"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-buffer-overflow-via-dxl-34024"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"date": "2020-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"date": "2020-12-02T01:15:12.030000",
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T01:54:00",
"db": "JVNDB",
"id": "JVNDB-2020-013945"
},
{
"date": "2020-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-031"
},
{
"date": "2024-11-21T05:02:55.280000",
"db": "NVD",
"id": "CVE-2020-14260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Buffer Overflow Vulnerability in Linux",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013945"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-031"
}
],
"trust": 0.6
}
}
var-202011-0096
Vulnerability from variot
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino is a server of collaborative client-server software platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.0"
},
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1 fp10 if6"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10.0.1 fp5"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11.0.1"
},
{
"model": "domino fp10 if6",
"scope": "lt",
"trust": 0.6,
"vendor": "hcl",
"version": "9.0.1"
},
{
"model": "domino fp5",
"scope": "lt",
"trust": 0.6,
"vendor": "hcl",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "lt",
"trust": 0.6,
"vendor": "hcl",
"version": "11.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"cve": "CVE-2020-14230",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14230",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-66309",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14230",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14230",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14230",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14230",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-66309",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1761",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino is a server of collaborative client-server software platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14230"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNVD",
"id": "CNVD-2020-66309"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14230",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-66309",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"id": "VAR-202011-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
}
]
},
"last_update_date": "2024-11-23T22:44:24.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085303",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085303\u0026sys_kb_id=2e41878edba0e854a45ad9fcd3961974"
},
{
"title": "Patch for HCL Domino Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241156"
},
{
"title": "HCL Technologies Domino Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135531"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14230"
},
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085303"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-denial-of-service-via-email-message-33946"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"date": "2021-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"date": "2020-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"date": "2020-11-21T18:15:11.620000",
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-66309"
},
{
"date": "2021-07-09T06:23:00",
"db": "JVNDB",
"id": "JVNDB-2020-013659"
},
{
"date": "2020-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1761"
},
{
"date": "2024-11-21T05:02:53.897000",
"db": "NVD",
"id": "CVE-2020-14230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1761"
}
],
"trust": 0.6
}
}
var-202208-1828
Vulnerability from variot
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. HCL Technologies Limited of HCL iNotes and Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "hcl inotes",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "inotes",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"cve": "CVE-2022-27546",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-27546",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-27546",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-27546",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27546",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-27546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-27546",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4018",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials. HCL Technologies Limited of HCL iNotes and Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27546"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27546",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016006",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4018",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"id": "VAR-202208-1828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:37:27.796000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0100216"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27546"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-inotes-cross-site-scripting-via-form-post-request-39117"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27546/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"date": "2022-08-29T16:15:08.443000",
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-016006"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4018"
},
{
"date": "2022-09-01T20:53:22.973000",
"db": "NVD",
"id": "CVE-2022-27546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0HCL\u00a0iNotes\u00a0 and \u00a0Domino\u00a0server\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4018"
}
],
"trust": 0.6
}
}
var-202012-1269
Vulnerability from variot
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"cve": "CVE-2020-4080",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-4080",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-4080",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-4080",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4080",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-4080",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1354",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4080"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4080",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014787",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"id": "VAR-202012-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T23:04:08.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085887",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085887"
},
{
"title": "HCL Verse Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137862"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085887"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4080"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"date": "2020-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"date": "2020-12-18T22:15:12.590000",
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-31T05:12:00",
"db": "JVNDB",
"id": "JVNDB-2020-014787"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1354"
},
{
"date": "2024-11-21T05:32:16.050000",
"db": "NVD",
"id": "CVE-2020-4080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Verse\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014787"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1354"
}
],
"trust": 0.6
}
}
var-202212-1841
Vulnerability from variot
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1841",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"cve": "CVE-2022-44752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-44752",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-44752",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-44752",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-44752",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-44752",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-44752",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3510",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-44752"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "VULMON",
"id": "CVE-2022-44752"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-44752",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023778",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3510",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-44752",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44752"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"id": "VAR-202212-1841",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:37:16.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Technologies HCL Domino Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218851"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0102151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44752"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-44752/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ibm-domino-multiple-vulnerabilities-via-micro-focus-keyview-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44752"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-44752"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44752"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"date": "2022-12-19T11:15:10.950000",
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44752"
},
{
"date": "2023-11-30T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2022-023778"
},
{
"date": "2023-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3510"
},
{
"date": "2023-11-07T03:54:27.340000",
"db": "NVD",
"id": "CVE-2022-44752"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3510"
}
],
"trust": 0.6
}
}
var-202211-0399
Vulnerability from variot
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. HCL Technologies Limited of Domino server Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"cve": "CVE-2022-38660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-38660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-38660",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38660",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38660",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-38660",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-38660",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-2109",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. HCL Technologies Limited of Domino server Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38660"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38660",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2109",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"id": "VAR-202211-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:42:17.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Technologies XPages Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=213291"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0101037"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38660"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38660/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"date": "2022-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"date": "2022-11-04T20:15:10.363000",
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-01T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-020433"
},
{
"date": "2022-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2109"
},
{
"date": "2023-11-07T03:50:11.143000",
"db": "NVD",
"id": "CVE-2022-38660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Cross-site request forgery vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2109"
}
],
"trust": 0.6
}
}
var-202212-1767
Vulnerability from variot
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1767",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"cve": "CVE-2022-44750",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-44750",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@hcl.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-44750",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-44750",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-44750",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-44750",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-44750",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3508",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. \u00a0This\u00a0vulnerability\u00a0applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-44750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "VULMON",
"id": "CVE-2022-44750"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-44750",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023919",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3508",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-44750",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"id": "VAR-202212-1767",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:21:27.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Domino Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220093"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0102151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44750"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-44750/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ibm-domino-multiple-vulnerabilities-via-micro-focus-keyview-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-44750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-44750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44750"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"date": "2022-12-19T11:15:10.807000",
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44750"
},
{
"date": "2023-11-30T04:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-023919"
},
{
"date": "2023-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3508"
},
{
"date": "2023-11-07T03:54:26.830000",
"db": "NVD",
"id": "CVE-2022-44750"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3508"
}
],
"trust": 0.6
}
}
var-202012-1272
Vulnerability from variot
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. HCL Domino Contains an authentication vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.0"
},
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"cve": "CVE-2020-4128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-4128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-4128",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-4128",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4128",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-4128",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-2090",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. HCL Domino Contains an authentication vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4128"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4128",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013936",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"id": "VAR-202012-1272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T21:35:01.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085408",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085408"
},
{
"title": "Hcl Technologies Domino Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135879"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085408"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4128"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-privilege-escalation-via-lockout-policy-bypass-34000"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"date": "2020-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"date": "2020-12-01T14:15:11.770000",
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T01:54:00",
"db": "JVNDB",
"id": "JVNDB-2020-013936"
},
{
"date": "2020-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2090"
},
{
"date": "2024-11-21T05:32:18.100000",
"db": "NVD",
"id": "CVE-2020-4128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013936"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2090"
}
],
"trust": 0.6
}
}
var-202105-1519
Vulnerability from variot
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"cve": "CVE-2020-4107",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-4107",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-4107",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@hcl.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2020-4107",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-4107",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4107",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2020-4107",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-4107",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-758",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4107"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "VULMON",
"id": "CVE-2020-4107"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4107",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-758",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-4107",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-4107"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"id": "VAR-202105-1519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:54:03.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Software HCL Domino Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150262"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0090221"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4107"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-privilege-escalation-35404"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-4107/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-4107"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-4107"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4107"
},
{
"date": "2023-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"date": "2021-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"date": "2022-05-19T22:15:07.943000",
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4107"
},
{
"date": "2023-08-10T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-010217"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-758"
},
{
"date": "2022-09-20T19:20:05.127000",
"db": "NVD",
"id": "CVE-2020-4107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-758"
}
],
"trust": 0.6
}
}
var-202007-1069
Vulnerability from variot
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.". Domino server There is a cryptographic strength vulnerability in.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1069",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lt",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hcltech:domino",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
}
]
},
"cve": "CVE-2017-1712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-1712",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007570",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-1712",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007570",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-1712",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-007570",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-067",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher\u0027s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.\". Domino server There is a cryptographic strength vulnerability in.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-1712"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-1712",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007570",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"id": "VAR-202007-1069",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:37:20.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0080545",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080545\u0026sys_kb_id=ca3ffa141b3d1c54086dcbfc0a4bcba5"
},
{
"title": "HCL Technologies Domino Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123462"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0080545"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1712"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1712"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"date": "2020-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"date": "2020-07-01T14:15:14.027000",
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007570"
},
{
"date": "2020-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-067"
},
{
"date": "2024-11-21T03:22:15.173000",
"db": "NVD",
"id": "CVE-2017-1712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Domino server Cryptographic strength vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-067"
}
],
"trust": 0.6
}
}
var-202211-0385
Vulnerability from variot
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-0385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "12.0"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": null,
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"cve": "CVE-2022-38654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-38654",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38654",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38654",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@hcl.com",
"id": "CVE-2022-38654",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-38654",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-2117",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user\u0027s person record. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38654"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38654",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020434",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2117",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"id": "VAR-202211-0385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:43:39.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCL Technologies HCL Domino Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=213292"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0101017"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38654"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38654/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-file-reading-via-ignored-xacl-39844"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"date": "2022-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"date": "2022-11-04T21:15:10.710000",
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-01T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-020434"
},
{
"date": "2022-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2117"
},
{
"date": "2023-11-07T03:50:10.510000",
"db": "NVD",
"id": "CVE-2022-38654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Technologies\u00a0Limited\u00a0 of \u00a0Domino\u00a0server\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020434"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2117"
}
],
"trust": 0.6
}
}
var-202012-0051
Vulnerability from variot
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. HCL Domino Is vulnerable to handling exceptional conditions.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "domino",
"scope": "lte",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "11.0.1"
},
{
"model": "domino",
"scope": "gte",
"trust": 1.0,
"vendor": "hcltech",
"version": "9.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 1.0,
"vendor": "hcltech",
"version": "10.0.1"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": null
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "10"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "9"
},
{
"model": "domino server",
"scope": "eq",
"trust": 0.8,
"vendor": "hcl",
"version": "11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"cve": "CVE-2020-14270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14270",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14270",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-14270",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14270",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-14270",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1298",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. HCL Domino Is vulnerable to handling exceptional conditions.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14270",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014747",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1298",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"id": "VAR-202012-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:25:14.965000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KB0085881",
"trust": 0.8,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085881"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=kb0085881"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14270"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/hcl-domino-information-disclosure-via-xpages-34160"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"date": "2020-12-22T21:15:12.617000",
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-30T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2020-014747"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1298"
},
{
"date": "2024-11-21T05:02:55.750000",
"db": "NVD",
"id": "CVE-2020-14270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HCL\u00a0Domino\u00a0 Vulnerability in handling exceptional conditions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014747"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1298"
}
],
"trust": 0.6
}
}