CVE-2020-4097

EPSS 0.08%
Published 05.11.2020 17:15:12
Last modified 21.11.2024 05:32:17
Source psirt@hcl.com
Teams watchlist Login
Open Login

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hcltech ≫ Notes Version >= 9.0 <= 9.0.1

Hcltech ≫ Notes Version >= 11.0 <= 11.0.1

Hcltech ≫ Notes Version9.0.1 Updatefp10

Hcltech ≫ Notes Version9.0.1 Updatefp10if1

Hcltech ≫ Notes Version9.0.1 Updatefp10if2

Hcltech ≫ Notes Version9.0.1 Updatefp10if3

Hcltech ≫ Notes Version9.0.1 Updatefp10if4

Hcltech ≫ Notes Version9.0.1 Updatefp10if5

Hcltech ≫ Notes Version9.0.1 Updatefp10if6

Hcltech ≫ Notes Version9.0.1 Updatefp10if7

Hcltech ≫ Notes Version9.0.1 Updatefp1if1

Hcltech ≫ Notes Version9.0.1 Updatefp1if2

Hcltech ≫ Notes Version9.0.1 Updatefp2if1

Hcltech ≫ Notes Version9.0.1 Updatefp2if2

Hcltech ≫ Notes Version9.0.1 Updatefp2if3

Hcltech ≫ Notes Version9.0.1 Updatefp2if4

Hcltech ≫ Notes Version9.0.1 Updatefp3if1

Hcltech ≫ Notes Version9.0.1 Updatefp3if2

Hcltech ≫ Notes Version9.0.1 Updatefp3if3

Hcltech ≫ Notes Version9.0.1 Updatefp3if4

Hcltech ≫ Notes Version9.0.1 Updatefp4if1

Hcltech ≫ Notes Version9.0.1 Updatefp4if2

Hcltech ≫ Notes Version9.0.1 Updatefp5if1

Hcltech ≫ Notes Version9.0.1 Updatefp5if2

Hcltech ≫ Notes Version9.0.1 Updatefp5if3

Hcltech ≫ Notes Version9.0.1 Updatefp7if1

Hcltech ≫ Notes Version9.0.1 Updatefp7if2

Hcltech ≫ Notes Version9.0.1 Updatefp8if1

Hcltech ≫ Notes Version9.0.1 Updatefp9if1

Hcltech ≫ Notes Version9.0.1 Updatefp9if2

Hcltech ≫ Notes Version10.0.0 Updatefp1

Hcltech ≫ Notes Version10.0.0 Updatefp2

Hcltech ≫ Notes Version10.0.0 Updatefp3

Hcltech ≫ Notes Version10.0.0 Updatefp4

Hcltech ≫ Notes Version10.0.0 Updatefp5

Hcltech ≫ Notes Version10.0.1 Updatefp1

Hcltech ≫ Notes Version10.0.1 Updatefp2

Hcltech ≫ Notes Version10.0.1 Updatefp3

Hcltech ≫ Notes Version10.0.1 Updatefp4

Hcltech ≫ Notes Version10.0.1 Updatefp5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.2

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4097

EUVD