Vulnerabilites related to hcltech - hcl_inotes
cve-2022-27546
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 03:39
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 9, 10, 11, 12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:18:00.000Z",
"ID": "CVE-2022-27546",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27546",
"datePublished": "2022-08-29T16:00:24.786067Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T03:39:06.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27558
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 01:12
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100217 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 12.0.1, 12.0.1FP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "12.0.1, 12.0.1FP1"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:45:00.000Z",
"ID": "CVE-2022-27558",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "12.0.1, 12.0.1FP1"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27558",
"datePublished": "2022-08-29T16:00:31.939445Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T01:12:04.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14271
Vulnerability from cvelistv5
Published
2020-12-18 22:08
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085892 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Version: v9, v10, v11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T22:08:33",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v9, v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14271",
"datePublished": "2020-12-18T22:08:33",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14225
Vulnerability from cvelistv5
Published
2020-12-21 17:09
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Version: versions previous to releases 9.0.1 FP10 IF6 Version: 10.0.1 FP5 and 11.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"status": "affected",
"version": "10.0.1 FP5 and 11.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Tabnabbing vulnerability\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T17:09:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5 and 11.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Tabnabbing vulnerability\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14225",
"datePublished": "2020-12-21T17:09:24",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27760
Vulnerability from cvelistv5
Published
2022-05-06 18:10
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Notes |
Version: 11.0 - 11.0.1 FP4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "11.0 - 11.0.1 FP4"
}
]
}
],
"datePublic": "2022-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T18:10:30",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-04-11T00:00:00.000Z",
"ID": "CVE-2021-27760",
"STATE": "PUBLIC",
"TITLE": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "11.0 - 11.0.1 FP4"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2021-27760",
"datePublished": "2022-05-06T18:10:30.931261Z",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-09-17T04:19:12.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27547
Vulnerability from cvelistv5
Published
2022-08-29 16:00
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100212 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Version: 9, 10, 11, 12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:28",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a link to non-existent domain vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T19:18:00.000Z",
"ID": "CVE-2022-27547",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a link to non-existent domain vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27547",
"datePublished": "2022-08-29T16:00:28.303270Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T02:01:17.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4126
Vulnerability from cvelistv5
Published
2020-11-30 23:50
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Version: v10.0.1 FP6, v11.0.1 FP2 and later |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive cookie exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T23:50:09",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive cookie exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4126",
"datePublished": "2020-11-30T23:50:09",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-12-21 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.0 | |
| hcltechsw | hcl_inotes | * | |
| hcltechsw | hcl_inotes | 9.0.1 | |
| hcltechsw | hcl_inotes | 9.0.1 | |
| hcltechsw | hcl_inotes | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAF9E37-610E-4E7C-A1D9-ADA85818DBC3",
"versionEndExcluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "E43BA08A-3541-4F11-A5D4-2D2E5A775D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "DD04A768-66DA-42B6-82AE-0DEDB8E9DB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "419B397B-51F7-4C6A-A824-8082219850F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible a una vulnerabilidad de tipo Tabnabbing causada por un saneamiento inapropiado del contenido del mensaje.\u0026#xa0;Un atacante no autenticado remoto podr\u00eda usar esta vulnerabilidad para enga\u00f1ar al usuario final para que ingrese informaci\u00f3n confidencial, tales como credenciales, por ejemplo, como parte de un ataque de phishing"
}
],
"id": "CVE-2020-14225",
"lastModified": "2024-11-21T05:02:53.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-21T18:15:14.383",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de una vulnerabilidad de enlace a un dominio no existente. Un atacante podr\u00eda usar esta vulnerabilidad para enga\u00f1ar a un usuario para que proporcione informaci\u00f3n confidencial como el nombre de usuario, la contrase\u00f1a, el n\u00famero de tarjeta de cr\u00e9dito, etc"
}
],
"id": "CVE-2022-27547",
"lastModified": "2024-11-21T06:55:56.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.507",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-01 00:15
Modified
2024-11-21 05:32
Severity ?
Summary
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "281A8ED6-2F9B-493E-9E5B-E2CF8CAADE86",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B10D1E-A272-48A7-AB91-12CE7B909B6B",
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5:*:*:*:*:*:*",
"matchCriteriaId": "3971CAAD-A1A2-4EE9-9BC9-A7108E3B671C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible a una vulnerabilidad de exposici\u00f3n de cookies confidenciales. Esto puede permitir a un atacante remoto no autenticado capturar la cookie interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http. Las correcciones est\u00e1n disponibles en HCL Domino e iNotes versiones 10.0.1 FP6 y 11.0.1 FP2 y posteriores"
}
],
"id": "CVE-2020-4126",
"lastModified": "2024-11-21T05:32:17.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T00:15:11.197",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-06 18:15
Modified
2024-11-21 05:58
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | 11.0.0 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "DF9D5E06-963D-46D1-B780-5FA7F3B29A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "35AECE5B-35F0-4DF4-A7E8-BE66A0D1E271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "E2845122-0A3C-4BDD-95A3-341A18E33040",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
},
{
"lang": "es",
"value": "Se ha detectado un problema en la funcionalidad de chat de Sametime en los clientes Notes 11.0 - 11.0.1 FP4. Un usuario autenticado del chat de Sametime podr\u00eda causar una Ejecuci\u00f3n de C\u00f3digo Remota en otro cliente de chat mediante el env\u00edo de un mensaje con formato especial mediante el chat que contenga c\u00f3digo Javascript"
}
],
"id": "CVE-2021-27760",
"lastModified": "2024-11-21T05:58:31.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-06T18:15:08.713",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 12.0.1 | |
| hcltech | domino | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de comprobaci\u00f3n de solidez de la contrase\u00f1a. Las pol\u00edticas de contrase\u00f1as personalizadas no son aplican en determinados formularios de iNotes, lo que podr\u00eda permitir a usuarios establecer contrase\u00f1as d\u00e9biles, conllevando a una mayor facilidad de cracking"
}
],
"id": "CVE-2022-27558",
"lastModified": "2024-11-21T06:55:57.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.573",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 16:15
Modified
2024-11-21 06:55
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario con una petici\u00f3n de formulario POST. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web anfitri\u00f3n y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2022-27546",
"lastModified": "2024-11-21T06:55:56.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.443",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-18 23:15
Modified
2024-11-21 05:02
Severity ?
Summary
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "281A8ED6-2F9B-493E-9E5B-E2CF8CAADE86",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B10D1E-A272-48A7-AB91-12CE7B909B6B",
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5:*:*:*:*:*:*",
"matchCriteriaId": "3971CAAD-A1A2-4EE9-9BC9-A7108E3B671C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL iNotes versiones v9, v10 y v11, es susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado debido a un manejo inapropiado del contenido del mensaje.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad usando un marcado especialmente dise\u00f1ado para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web de alojamiento y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2020-14271",
"lastModified": "2024-11-21T05:02:55.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T23:15:13.277",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}