Lucene search

[email protected]CVE-2020-4127

HistoryNov 30, 2020 - 10:15 p.m.

CVE-2020-4127

2020-11-3022:15:11

CWE-352

[email protected]

web.nvd.nist.gov

hcl domino

vulnerability

unauthorized access

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user’s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.

Affected configurations

NVD

Node

hcltechhcl_dominoRange<9.0.1

hcltechhcl_dominoRange10.0.0–10.0.1

hcltechhcl_dominoRange11.0.0–11.0.1

hcltechhcl_dominoMatch9.0.1-

hcltechhcl_dominoMatch9.0.1feature_pack_10_interim_fix_2

hcltechhcl_dominoMatch9.0.1feature_pack_10_interim_fix_3

hcltechhcl_dominoMatch9.0.1feature_pack_10_interim_fix_4

hcltechhcl_dominoMatch9.0.1feature_pack_10_interim_fix_5

hcltechhcl_dominoMatch10.0.1-

hcltechhcl_dominoMatch10.0.1fixpack1

hcltechhcl_dominoMatch10.0.1fixpack2

hcltechhcl_dominoMatch10.0.1fixpack3

hcltechhcl_dominoMatch10.0.1fixpack4

hcltechhcl_dominoMatch10.0.1fixpack5

CPENameOperatorVersion
hcltech:hcl_dominohcltech hcl dominolt9.0.1
hcltech:hcl_dominohcltech hcl dominolt10.0.1
hcltech:hcl_dominohcltech hcl dominolt11.0.1

CPE	Name	Operator	Version
hcltech:hcl_domino	hcltech hcl domino	lt	9.0.1
hcltech:hcl_domino	hcltech hcl domino	lt	10.0.1
hcltech:hcl_domino	hcltech hcl domino	lt	11.0.1

CNA Affected

[
  {
    "product": "HCL Domino",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v9.0.1 FP10 IF6, v10.0.1 FP6, v11.0.1 FP1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

Related for CVE-2020-4127

nvd1 prion1 cvelist1