Search criteria
33 vulnerabilities found for notes by hcltech
FKIE_CVE-2022-44753
Vulnerability from fkie_nvd - Published: 2022-12-19 11:15 - Updated: 2025-04-17 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*",
"matchCriteriaId": "4315DC11-745E-4518-9F7E-5D09FB360DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*",
"matchCriteriaId": "E492968F-C1CC-4383-8393-EDB0DDA174C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*",
"matchCriteriaId": "96B957B0-AF4B-4E9E-8DB7-7B938C115B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*",
"matchCriteriaId": "55AF7599-1EBB-472C-8F2E-C006269EFDAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en wp6sr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo WordPerfect manipulado. Esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44753",
"lastModified": "2025-04-17T15:15:49.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:11.007",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-44755
Vulnerability from fkie_nvd - Published: 2022-12-19 11:15 - Updated: 2025-04-17 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*",
"matchCriteriaId": "4315DC11-745E-4518-9F7E-5D09FB360DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*",
"matchCriteriaId": "E492968F-C1CC-4383-8393-EDB0DDA174C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*",
"matchCriteriaId": "96B957B0-AF4B-4E9E-8DB7-7B938C115B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*",
"matchCriteriaId": "55AF7599-1EBB-472C-8F2E-C006269EFDAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44751. \u00c2 Esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44755",
"lastModified": "2025-04-17T15:15:49.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:11.140",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-44751
Vulnerability from fkie_nvd - Published: 2022-12-19 11:15 - Updated: 2025-04-17 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*",
"matchCriteriaId": "4315DC11-745E-4518-9F7E-5D09FB360DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*",
"matchCriteriaId": "E492968F-C1CC-4383-8393-EDB0DDA174C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*",
"matchCriteriaId": "96B957B0-AF4B-4E9E-8DB7-7B938C115B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*",
"matchCriteriaId": "55AF7599-1EBB-472C-8F2E-C006269EFDAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
},
{
"lang": "es",
"value": "HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44755. Esta vulnerabilidad se aplica al software con licencia previa de IBM."
}
],
"id": "CVE-2022-44751",
"lastModified": "2025-04-17T15:15:49.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:10.887",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-14224
Vulnerability from fkie_nvd - Published: 2020-12-18 23:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085913 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085913 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19015D39-9117-4A6E-BCD7-0951CB185399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de mensajes MIME del cliente HCL Notes versi\u00f3n v9, podr\u00eda potencialmente ser explotada por un atacante no autenticado, resultando en un desbordamiento del b\u00fafer de pila.\u0026#xa0;Esto podr\u00eda permitir a un atacante remoto bloquear la aplicaci\u00f3n Notes o inyectar c\u00f3digo en el sistema que podr\u00eda ejecutarse con los privilegios del usuario actualmente conectado"
}
],
"id": "CVE-2020-14224",
"lastModified": "2024-11-21T05:02:53.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T23:15:13.043",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14232
Vulnerability from fkie_nvd - Published: 2020-12-18 00:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19015D39-9117-4A6E-BCD7-0951CB185399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo del par\u00e1metro de entrada de HCL Notes versi\u00f3n v9, podr\u00eda ser explotada potencialmente por un atacante autenticado, resultando en un desbordamiento del b\u00fafer de la pila.\u0026#xa0;Esto podr\u00eda permitir a un atacante bloquear el programa o inyectar c\u00f3digo en el sistema que podr\u00eda ser ejecutado con los privilegios del usuario actualmente registrado"
}
],
"id": "CVE-2020-14232",
"lastModified": "2024-11-21T05:02:54.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-18T00:15:14.237",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14268
Vulnerability from fkie_nvd - Published: 2020-12-14 16:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085762 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085762 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | * | |
| hcltech | notes | * | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A26E5E-3253-422B-8F88-3CBDFAA2124E",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328009B9-8C83-41C5-86B8-3731FE2866A8",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de mensajes MIME del cliente Notes (versiones 9 y 10), podr\u00eda potencialmente ser explotada por un atacante no autenticado, resultando en un desbordamiento del b\u00fafer de pila.\u0026#xa0;Esto podr\u00eda permitir a un atacante remoto bloquear el cliente o inyectar c\u00f3digo en el sistema que se ejecutar\u00eda con los privilegios del cliente."
}
],
"id": "CVE-2020-14268",
"lastModified": "2024-11-21T05:02:55.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-14T16:15:11.887",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4102
Vulnerability from fkie_nvd - Published: 2020-12-02 01:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "071126BF-BD0E-4134-B5D2-81DC9A37CD9A",
"versionEndIncluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C46D23-F52D-46D7-973B-FEF916ECD181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06AD0ACF-704C-4BBE-9059-1A1E9008D7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE658FD-FD4C-4BB8-9AD7-6AB40AB1BDC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system."
},
{
"lang": "es",
"value": "HCL Notes es susceptible a una vulnerabilidad de Desbordamiento de B\u00fafer en DXL debido a una comprobaci\u00f3n inapropiada de la entrada de usuario.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante bloquear Notes o ejecutar c\u00f3digo controlado por el atacante en el sistema cliente"
}
],
"id": "CVE-2020-4102",
"lastModified": "2024-11-21T05:32:17.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-02T01:15:12.903",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14258
Vulnerability from fkie_nvd - Published: 2020-11-21 18:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085304 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085304 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19015D39-9117-4A6E-BCD7-0951CB185399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C46D23-F52D-46D7-973B-FEF916ECD181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06AD0ACF-704C-4BBE-9059-1A1E9008D7A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected."
},
{
"lang": "es",
"value": "HCL Notes es susceptible a una vulnerabilidad de Denegaci\u00f3n de Servicio causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad usando un mensaje de correo electr\u00f3nico especialmente dise\u00f1ado para colgar al cliente.\u0026#xa0;Las versiones 9, 10 y 11 est\u00e1n afectadas"
}
],
"id": "CVE-2020-14258",
"lastModified": "2024-11-21T05:02:55.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-21T18:15:11.743",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4097
Vulnerability from fkie_nvd - Published: 2020-11-05 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | * | |
| hcltech | notes | * | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.0 | |
| hcltech | notes | 10.0.0 | |
| hcltech | notes | 10.0.0 | |
| hcltech | notes | 10.0.0 | |
| hcltech | notes | 10.0.0 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A110FE5-0ABF-454F-A239-370CDE59F615",
"versionEndIncluding": "9.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA4FBF5-4DD8-465C-A43F-214F0A75FC54",
"versionEndIncluding": "11.0.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.0:fp1:*:*:*:*:*:*",
"matchCriteriaId": "A3604A97-5374-4589-BB9A-FFDE47AEB3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.0:fp2:*:*:*:*:*:*",
"matchCriteriaId": "AC8C1C00-B486-4651-9213-DA3B07E61F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.0:fp3:*:*:*:*:*:*",
"matchCriteriaId": "E7BBFB47-2B3B-4839-8785-27707C020337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.0:fp4:*:*:*:*:*:*",
"matchCriteriaId": "D50A2795-6DFE-4963-ACC5-E5D78E96F29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.0:fp5:*:*:*:*:*:*",
"matchCriteriaId": "3694E067-3330-4905-891E-9B46AE2C2B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
},
{
"lang": "es",
"value": "En HCL Notes versi\u00f3n 9 anterior a la versi\u00f3n 9.0.1 FixPack 10 Interim Fix 8, versi\u00f3n 10 anterior a versi\u00f3n 10.0.1 FixPack 6 y versi\u00f3n 11 anterior a 11.0.1 FixPack 1, una vulnerabilidad en el manejo del par\u00e1metro de entrada del cliente Notes podr\u00eda potencialmente ser explotado por un atacante resultando en un desbordamiento del b\u00fafer.\u0026#xa0;Esto podr\u00eda permitir a un atacante bloquear HCL Notes o ejecutar c\u00f3digo controlado por el atacante en el cliente"
}
],
"id": "CVE-2020-4097",
"lastModified": "2024-11-21T05:32:17.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-05T17:15:12.537",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14240
Vulnerability from fkie_nvd - Published: 2020-11-05 17:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | notes | * | |
| hcltech | notes | * | |
| hcltech | notes | * | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 9.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 | |
| hcltech | notes | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A110FE5-0ABF-454F-A239-370CDE59F615",
"versionEndIncluding": "9.0.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD81AC1C-2BA9-4688-A823-666C6558C3E2",
"versionEndIncluding": "10.0.1",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA4FBF5-4DD8-465C-A43F-214F0A75FC54",
"versionEndIncluding": "11.0.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
"matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
"matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
"matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
"matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
"matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
"matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
"matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
"matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
"matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
"matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
"matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
"matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
"matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
"matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
"matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
"matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
"matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
"matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
"matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
"matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
"matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
"matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
"matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
"matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
"matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
"matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
"matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
"matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
"matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
"matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
"matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
"matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
"matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim\u0027s Web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
},
{
"lang": "es",
"value": "HCL Notes versiones anteriores a 9.0.1 FP10 IF8, 10.0.1 FP6 y 11.0.1 FP1, son susceptibles a una vulnerabilidad de tipo Cross-site Scripting (XSS) almacenado.\u0026#xa0;Un atacante podr\u00eda usar esta vulnerabilidad para ejecutar un script en el navegador Web de la v\u00edctima dentro del contexto de seguridad del sitio Web de alojamiento y/o robar unas credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"
}
],
"id": "CVE-2020-14240",
"lastModified": "2024-11-21T05:02:54.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-05T17:15:12.367",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-44755 (GCVE-0-2022-44755)
Vulnerability from cvelistv5 – Published: 2022-12-17 01:57 – Updated: 2025-04-17 14:31
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:31:22.656586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:31:34.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44755",
"datePublished": "2022-12-17T01:57:45.446Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:31:34.058Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44753 (GCVE-0-2022-44753)
Vulnerability from cvelistv5 – Published: 2022-12-17 01:52 – Updated: 2025-04-17 14:32
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:32:01.062042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:32:13.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44753",
"datePublished": "2022-12-17T01:52:52.495Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:32:13.332Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44751 (GCVE-0-2022-44751)
Vulnerability from cvelistv5 – Published: 2022-12-17 01:48 – Updated: 2025-04-17 14:32
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:32:25.767175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:32:37.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44751",
"datePublished": "2022-12-17T01:48:38.704Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:32:37.793Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14224 (GCVE-0-2020-14224)
Vulnerability from cvelistv5 – Published: 2020-12-18 22:11 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T22:11:54",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14224",
"datePublished": "2020-12-18T22:11:54",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14232 (GCVE-0-2020-14232)
Vulnerability from cvelistv5 – Published: 2020-12-17 23:59 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T23:59:59",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14232",
"datePublished": "2020-12-17T23:59:59",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14268 (GCVE-0-2020-14268)
Vulnerability from cvelistv5 – Published: 2020-12-14 15:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T15:49:29",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9, v10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14268",
"datePublished": "2020-12-14T15:49:29",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4102 (GCVE-0-2020-4102)
Vulnerability from cvelistv5 – Published: 2020-12-02 00:56 – Updated: 2024-08-04 07:52
VLAI?
Summary
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
Severity ?
No CVSS data available.
CWE
- "Buffer overflow"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Buffer overflow\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T00:56:42",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Buffer overflow\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4102",
"datePublished": "2020-12-02T00:56:42",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14258 (GCVE-0-2020-14258)
Vulnerability from cvelistv5 – Published: 2020-11-21 17:24 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
Severity ?
No CVSS data available.
CWE
- "Denial of Service"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Denial of Service\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-21T17:24:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "HCL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Denial of Service\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14258",
"datePublished": "2020-11-21T17:24:31",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4097 (GCVE-0-2020-4097)
Vulnerability from cvelistv5 – Published: 2020-11-05 16:45 – Updated: 2024-08-04 07:52
VLAI?
Summary
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-05T16:45:02",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4097",
"datePublished": "2020-11-05T16:45:02",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14240 (GCVE-0-2020-14240)
Vulnerability from cvelistv5 – Published: 2020-11-05 16:20 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim\u0027s Web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-05T16:20:20",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim\u0027s Web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14240",
"datePublished": "2020-11-05T16:20:20",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44755 (GCVE-0-2022-44755)
Vulnerability from nvd – Published: 2022-12-17 01:57 – Updated: 2025-04-17 14:31
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:31:22.656586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:31:34.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44755",
"datePublished": "2022-12-17T01:57:45.446Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:31:34.058Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44753 (GCVE-0-2022-44753)
Vulnerability from nvd – Published: 2022-12-17 01:52 – Updated: 2025-04-17 14:32
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:32:01.062042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:32:13.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44753",
"datePublished": "2022-12-17T01:52:52.495Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:32:13.332Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44751 (GCVE-0-2022-44751)
Vulnerability from nvd – Published: 2022-12-17 01:48 – Updated: 2025-04-17 14:32
VLAI?
Summary
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Notes |
Affected:
9, 10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:32:25.767175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:32:37.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notes",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9, 10"
}
]
}
],
"datePublic": "2022-12-16T23:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T05:58:57.684Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-44751",
"datePublished": "2022-12-17T01:48:38.704Z",
"dateReserved": "2022-11-04T21:08:23.515Z",
"dateUpdated": "2025-04-17T14:32:37.793Z",
"requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14224 (GCVE-0-2020-14224)
Vulnerability from nvd – Published: 2020-12-18 22:11 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T22:11:54",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14224",
"datePublished": "2020-12-18T22:11:54",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14232 (GCVE-0-2020-14232)
Vulnerability from nvd – Published: 2020-12-17 23:59 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T23:59:59",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14232",
"datePublished": "2020-12-17T23:59:59",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14268 (GCVE-0-2020-14268)
Vulnerability from nvd – Published: 2020-12-14 15:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9, v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T15:49:29",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9, v10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14268",
"datePublished": "2020-12-14T15:49:29",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4102 (GCVE-0-2020-4102)
Vulnerability from nvd – Published: 2020-12-02 00:56 – Updated: 2024-08-04 07:52
VLAI?
Summary
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
Severity ?
No CVSS data available.
CWE
- "Buffer overflow"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Buffer overflow\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T00:56:42",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Buffer overflow\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085499"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4102",
"datePublished": "2020-12-02T00:56:42",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14258 (GCVE-0-2020-14258)
Vulnerability from nvd – Published: 2020-11-21 17:24 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
Severity ?
No CVSS data available.
CWE
- "Denial of Service"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "v9"
},
{
"status": "affected",
"version": "v10"
},
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Denial of Service\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-21T17:24:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "v9"
},
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "HCL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Denial of Service\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14258",
"datePublished": "2020-11-21T17:24:31",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4097 (GCVE-0-2020-4097)
Vulnerability from nvd – Published: 2020-11-05 16:45 – Updated: 2024-08-04 07:52
VLAI?
Summary
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-05T16:45:02",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4097",
"datePublished": "2020-11-05T16:45:02",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14240 (GCVE-0-2020-14240)
Vulnerability from nvd – Published: 2020-11-05 16:20 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Notes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim\u0027s Web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-05T16:20:20",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Notes",
"version": {
"version_data": [
{
"version_value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim\u0027s Web browser within the security context of the hosting Web site and/or steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14240",
"datePublished": "2020-11-05T16:20:20",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}