CVE-2020-4107 (GCVE-0-2020-4107)

Vulnerability from cvelistv5 – Published: 2022-05-19 21:25 – Updated: 2024-09-16 21:03
VLAI?
Title
HCL Domino is affected by an Insufficient Access Control vulnerability
Summary
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
Severity ?
8.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-284 - Improper Access Control
Assigner
HCL
References
Impacted products
Vendor Product Version
HCL Software HCL Domino Affected: 9, 10 and 11
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL Domino",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "9, 10 and 11"
            }
          ]
        }
      ],
      "datePublic": "2021-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-19T21:25:10",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL Domino is affected by an Insufficient Access Control vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090343"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "DATE_PUBLIC": "2021-05-11T00:00:00.000Z",
          "ID": "CVE-2020-4107",
          "STATE": "PUBLIC",
          "TITLE": "HCL Domino is affected by an Insufficient Access Control vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL Domino",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9, 10 and 11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HCL Software"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090343"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2020-4107",
    "datePublished": "2022-05-19T21:25:10.514010Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T21:03:04.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"908469B9-3B65-400D-A043-6B907B6151EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F7B561B-79F9-45E1-901F-B0976DD7C9AE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.\"}, {\"lang\": \"es\", \"value\": \"HCL Domino est\\u00e1 afectado por una vulnerabilidad de Control de Acceso Insuficiente. Un atacante autenticado con acceso local al sistema podr\\u00eda explotar esta vulnerabilidad para conseguir una escalada de privilegios, una denegaci\\u00f3n de servicio o una divulgaci\\u00f3n de informaci\\u00f3n\"}]",
      "id": "CVE-2020-4107",
      "lastModified": "2024-11-21T05:32:17.660",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-19T22:15:07.943",
      "references": "[{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221\", \"source\": \"psirt@hcl.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@hcl.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-4107\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2022-05-19T22:15:07.943\",\"lastModified\":\"2024-11-21T05:32:17.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.\"},{\"lang\":\"es\",\"value\":\"HCL Domino est\u00e1 afectado por una vulnerabilidad de Control de Acceso Insuficiente. Un atacante autenticado con acceso local al sistema podr\u00eda explotar esta vulnerabilidad para conseguir una escalada de privilegios, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"908469B9-3B65-400D-A043-6B907B6151EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F7B561B-79F9-45E1-901F-B0976DD7C9AE\"}]}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.