5.9

CVE-2020-4126

EPSS 0.19%
Veröffentlicht 01.12.2020 00:15:11
Zuletzt bearbeitet 21.11.2024 05:32:17
Quelle psirt@hcl.com
Teams Watchlist Login
Unerledigt Login

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Hcl Inotes Version >= 9.0 < 10.0.1

Hcltech ≫ Hcl Inotes Version >= 11.0.0 < 11.0.1

Hcltech ≫ Hcl Inotes Version10.0.1 Update-

Hcltech ≫ Hcl Inotes Version10.0.1 Updatefixpack1

Hcltech ≫ Hcl Inotes Version10.0.1 Updatefixpack2

Hcltech ≫ Hcl Inotes Version10.0.1 Updatefixpack3

Hcltech ≫ Hcl Inotes Version10.0.1 Updatefixpack4

Hcltech ≫ Hcl Inotes Version10.0.1 Updatefixpack5

Hcltech ≫ Hcl Inotes Version11.0.1 Update-

Hcltech ≫ Hcl Inotes Version11.0.1 Updatefixpack1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4126

EUVD