CVE-2020-4102

EPSS 0.05%
Published 02.12.2020 01:15:12
Last modified 21.11.2024 05:32:17
Source psirt@hcl.com
Teams watchlist Login
Open Login

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hcltech ≫ Notes Version >= 9.0.0 <= 9.0.1

Hcltech ≫ Notes Version10.0

Hcltech ≫ Notes Version10.0.1 Update-

Hcltech ≫ Notes Version10.0.1 Updatefp1

Hcltech ≫ Notes Version10.0.1 Updatefp2

Hcltech ≫ Notes Version10.0.1 Updatefp3

Hcltech ≫ Notes Version10.0.1 Updatefp4

Hcltech ≫ Notes Version10.0.1 Updatefp5

Hcltech ≫ Notes Version11.0

Hcltech ≫ Notes Version11.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.128

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085499

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4102

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4102

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4102

EUVD