Search criteria
21 vulnerabilities found for hcl_inotes by hcltech
FKIE_CVE-2022-27546
Vulnerability from fkie_nvd - Published: 2022-08-29 16:15 - Updated: 2024-11-21 06:55
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario con una petici\u00f3n de formulario POST. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web anfitri\u00f3n y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2022-27546",
"lastModified": "2024-11-21T06:55:56.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.443",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27558
Vulnerability from fkie_nvd - Published: 2022-08-29 16:15 - Updated: 2024-11-21 06:55
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino | 12.0.1 | |
| hcltech | domino | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 | |
| hcltech | hcl_inotes | 12.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de comprobaci\u00f3n de solidez de la contrase\u00f1a. Las pol\u00edticas de contrase\u00f1as personalizadas no son aplican en determinados formularios de iNotes, lo que podr\u00eda permitir a usuarios establecer contrase\u00f1as d\u00e9biles, conllevando a una mayor facilidad de cracking"
}
],
"id": "CVE-2022-27558",
"lastModified": "2024-11-21T06:55:57.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.573",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27547
Vulnerability from fkie_nvd - Published: 2022-08-29 16:15 - Updated: 2024-11-21 06:55
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*",
"matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*",
"matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*",
"matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*",
"matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*",
"matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*",
"matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*",
"matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible de una vulnerabilidad de enlace a un dominio no existente. Un atacante podr\u00eda usar esta vulnerabilidad para enga\u00f1ar a un usuario para que proporcione informaci\u00f3n confidencial como el nombre de usuario, la contrase\u00f1a, el n\u00famero de tarjeta de cr\u00e9dito, etc"
}
],
"id": "CVE-2022-27547",
"lastModified": "2024-11-21T06:55:56.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T16:15:08.507",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27760
Vulnerability from fkie_nvd - Published: 2022-05-06 18:15 - Updated: 2024-11-21 05:58
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | 11.0.0 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "DF9D5E06-963D-46D1-B780-5FA7F3B29A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "35AECE5B-35F0-4DF4-A7E8-BE66A0D1E271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "E2845122-0A3C-4BDD-95A3-341A18E33040",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
},
{
"lang": "es",
"value": "Se ha detectado un problema en la funcionalidad de chat de Sametime en los clientes Notes 11.0 - 11.0.1 FP4. Un usuario autenticado del chat de Sametime podr\u00eda causar una Ejecuci\u00f3n de C\u00f3digo Remota en otro cliente de chat mediante el env\u00edo de un mensaje con formato especial mediante el chat que contenga c\u00f3digo Javascript"
}
],
"id": "CVE-2021-27760",
"lastModified": "2024-11-21T05:58:31.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-06T18:15:08.713",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14225
Vulnerability from fkie_nvd - Published: 2020-12-21 18:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.0 | |
| hcltechsw | hcl_inotes | * | |
| hcltechsw | hcl_inotes | 9.0.1 | |
| hcltechsw | hcl_inotes | 9.0.1 | |
| hcltechsw | hcl_inotes | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAF9E37-610E-4E7C-A1D9-ADA85818DBC3",
"versionEndExcluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*",
"matchCriteriaId": "E43BA08A-3541-4F11-A5D4-2D2E5A775D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*",
"matchCriteriaId": "DD04A768-66DA-42B6-82AE-0DEDB8E9DB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9_interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "419B397B-51F7-4C6A-A824-8082219850F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible a una vulnerabilidad de tipo Tabnabbing causada por un saneamiento inapropiado del contenido del mensaje.\u0026#xa0;Un atacante no autenticado remoto podr\u00eda usar esta vulnerabilidad para enga\u00f1ar al usuario final para que ingrese informaci\u00f3n confidencial, tales como credenciales, por ejemplo, como parte de un ataque de phishing"
}
],
"id": "CVE-2020-14225",
"lastModified": "2024-11-21T05:02:53.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-21T18:15:14.383",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14271
Vulnerability from fkie_nvd - Published: 2020-12-18 23:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "281A8ED6-2F9B-493E-9E5B-E2CF8CAADE86",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B10D1E-A272-48A7-AB91-12CE7B909B6B",
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5:*:*:*:*:*:*",
"matchCriteriaId": "3971CAAD-A1A2-4EE9-9BC9-A7108E3B671C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL iNotes versiones v9, v10 y v11, es susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado debido a un manejo inapropiado del contenido del mensaje.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad usando un marcado especialmente dise\u00f1ado para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web de alojamiento y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2020-14271",
"lastModified": "2024-11-21T05:02:55.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T23:15:13.277",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4126
Vulnerability from fkie_nvd - Published: 2020-12-01 00:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | * | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 10.0.1 | |
| hcltech | hcl_inotes | 11.0.1 | |
| hcltech | hcl_inotes | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "281A8ED6-2F9B-493E-9E5B-E2CF8CAADE86",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B10D1E-A272-48A7-AB91-12CE7B909B6B",
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*",
"matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*",
"matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*",
"matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5:*:*:*:*:*:*",
"matchCriteriaId": "3971CAAD-A1A2-4EE9-9BC9-A7108E3B671C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*",
"matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
},
{
"lang": "es",
"value": "HCL iNotes es susceptible a una vulnerabilidad de exposici\u00f3n de cookies confidenciales. Esto puede permitir a un atacante remoto no autenticado capturar la cookie interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http. Las correcciones est\u00e1n disponibles en HCL Domino e iNotes versiones 10.0.1 FP6 y 11.0.1 FP2 y posteriores"
}
],
"id": "CVE-2020-4126",
"lastModified": "2024-11-21T05:32:17.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T00:15:11.197",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27558 (GCVE-0-2022-27558)
Vulnerability from cvelistv5 – Published: 2022-08-29 16:00 – Updated: 2024-09-17 01:12
VLAI?
Title
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
12.0.1, 12.0.1FP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "12.0.1, 12.0.1FP1"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:45:00.000Z",
"ID": "CVE-2022-27558",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "12.0.1, 12.0.1FP1"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27558",
"datePublished": "2022-08-29T16:00:31.939445Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T01:12:04.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27547 (GCVE-0-2022-27547)
Vulnerability from cvelistv5 – Published: 2022-08-29 16:00 – Updated: 2024-09-17 02:01
VLAI?
Title
HCL iNotes is susceptible to a link to non-existent domain vulnerability.
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
9, 10, 11, 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:28",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a link to non-existent domain vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T19:18:00.000Z",
"ID": "CVE-2022-27547",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a link to non-existent domain vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27547",
"datePublished": "2022-08-29T16:00:28.303270Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T02:01:17.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27546 (GCVE-0-2022-27546)
Vulnerability from cvelistv5 – Published: 2022-08-29 16:00 – Updated: 2024-09-17 03:39
VLAI?
Title
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
8.3 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
9, 10, 11, 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:18:00.000Z",
"ID": "CVE-2022-27546",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27546",
"datePublished": "2022-08-29T16:00:24.786067Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T03:39:06.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27760 (GCVE-0-2021-27760)
Vulnerability from cvelistv5 – Published: 2022-05-06 18:10 – Updated: 2024-09-17 04:19
VLAI?
Title
HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart
Summary
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
Severity ?
4.6 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Notes |
Affected:
11.0 - 11.0.1 FP4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "11.0 - 11.0.1 FP4"
}
]
}
],
"datePublic": "2022-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T18:10:30",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-04-11T00:00:00.000Z",
"ID": "CVE-2021-27760",
"STATE": "PUBLIC",
"TITLE": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "11.0 - 11.0.1 FP4"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2021-27760",
"datePublished": "2022-05-06T18:10:30.931261Z",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-09-17T04:19:12.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14225 (GCVE-0-2020-14225)
Vulnerability from cvelistv5 – Published: 2020-12-21 17:09 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
Severity ?
No CVSS data available.
CWE
- "Tabnabbing vulnerability"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
versions previous to releases 9.0.1 FP10 IF6
Affected: 10.0.1 FP5 and 11.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"status": "affected",
"version": "10.0.1 FP5 and 11.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Tabnabbing vulnerability\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T17:09:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5 and 11.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Tabnabbing vulnerability\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14225",
"datePublished": "2020-12-21T17:09:24",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14271 (GCVE-0-2020-14271)
Vulnerability from cvelistv5 – Published: 2020-12-18 22:08 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
v9, v10, v11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T22:08:33",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v9, v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14271",
"datePublished": "2020-12-18T22:08:33",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4126 (GCVE-0-2020-4126)
Vulnerability from cvelistv5 – Published: 2020-11-30 23:50 – Updated: 2024-08-04 07:52
VLAI?
Summary
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
Severity ?
No CVSS data available.
CWE
- Sensitive cookie exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
v10.0.1 FP6, v11.0.1 FP2 and later
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive cookie exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T23:50:09",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive cookie exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4126",
"datePublished": "2020-11-30T23:50:09",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27558 (GCVE-0-2022-27558)
Vulnerability from nvd – Published: 2022-08-29 16:00 – Updated: 2024-09-17 01:12
VLAI?
Title
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.
Summary
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
12.0.1, 12.0.1FP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "12.0.1, 12.0.1FP1"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:45:00.000Z",
"ID": "CVE-2022-27558",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "12.0.1, 12.0.1FP1"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100217"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27558",
"datePublished": "2022-08-29T16:00:31.939445Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T01:12:04.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27547 (GCVE-0-2022-27547)
Vulnerability from nvd – Published: 2022-08-29 16:00 – Updated: 2024-09-17 02:01
VLAI?
Title
HCL iNotes is susceptible to a link to non-existent domain vulnerability.
Summary
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
9, 10, 11, 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:28",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a link to non-existent domain vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T19:18:00.000Z",
"ID": "CVE-2022-27547",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a link to non-existent domain vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100212"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27547",
"datePublished": "2022-08-29T16:00:28.303270Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T02:01:17.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27546 (GCVE-0-2022-27546)
Vulnerability from nvd – Published: 2022-08-29 16:00 – Updated: 2024-09-17 03:39
VLAI?
Title
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
Summary
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
8.3 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL iNotes |
Affected:
9, 10, 11, 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10, 11, 12"
}
]
}
],
"datePublic": "2022-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T16:00:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-08-24T20:18:00.000Z",
"ID": "CVE-2022-27546",
"STATE": "PUBLIC",
"TITLE": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "9, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim\u0027s web browser within the security context of the hosting web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100216"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27546",
"datePublished": "2022-08-29T16:00:24.786067Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-17T03:39:06.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27760 (GCVE-0-2021-27760)
Vulnerability from nvd – Published: 2022-05-06 18:10 – Updated: 2024-09-17 04:19
VLAI?
Title
HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart
Summary
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
Severity ?
4.6 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Notes |
Affected:
11.0 - 11.0.1 FP4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "11.0 - 11.0.1 FP4"
}
]
}
],
"datePublic": "2022-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T18:10:30",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-04-11T00:00:00.000Z",
"ID": "CVE-2021-27760",
"STATE": "PUBLIC",
"TITLE": "HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "11.0 - 11.0.1 FP4"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097670"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2021-27760",
"datePublished": "2022-05-06T18:10:30.931261Z",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-09-17T04:19:12.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14225 (GCVE-0-2020-14225)
Vulnerability from nvd – Published: 2020-12-21 17:09 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
Severity ?
No CVSS data available.
CWE
- "Tabnabbing vulnerability"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
versions previous to releases 9.0.1 FP10 IF6
Affected: 10.0.1 FP5 and 11.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"status": "affected",
"version": "10.0.1 FP5 and 11.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Tabnabbing vulnerability\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T17:09:24",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5 and 11.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Tabnabbing vulnerability\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14225",
"datePublished": "2020-12-21T17:09:24",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14271 (GCVE-0-2020-14271)
Vulnerability from nvd – Published: 2020-12-18 22:08 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
v9, v10, v11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10, v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T22:08:33",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v9, v10, v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim\u0027s web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14271",
"datePublished": "2020-12-18T22:08:33",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4126 (GCVE-0-2020-4126)
Vulnerability from nvd – Published: 2020-11-30 23:50 – Updated: 2024-08-04 07:52
VLAI?
Summary
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
Severity ?
No CVSS data available.
CWE
- Sensitive cookie exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL iNotes |
Affected:
v10.0.1 FP6, v11.0.1 FP2 and later
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL iNotes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive cookie exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T23:50:09",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive cookie exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4126",
"datePublished": "2020-11-30T23:50:09",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}