6.5
CVE-2020-4127
- EPSS 0.16%
- Veröffentlicht 30.11.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:32:17
- Quelle psirt@hcl.com
- Teams Watchlist Login
- Unerledigt Login
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Hcl Domino Version < 9.0.1
Hcltech ≫ Hcl Domino Version >= 10.0.0 < 10.0.1
Hcltech ≫ Hcl Domino Version >= 11.0.0 < 11.0.1
Hcltech ≫ Hcl Domino Version9.0.1 Update-
Hcltech ≫ Hcl Domino Version9.0.1 Updatefeature_pack_10_interim_fix_2
Hcltech ≫ Hcl Domino Version9.0.1 Updatefeature_pack_10_interim_fix_3
Hcltech ≫ Hcl Domino Version9.0.1 Updatefeature_pack_10_interim_fix_4
Hcltech ≫ Hcl Domino Version9.0.1 Updatefeature_pack_10_interim_fix_5
Hcltech ≫ Hcl Domino Version10.0.1 Update-
Hcltech ≫ Hcl Domino Version10.0.1 Updatefixpack1
Hcltech ≫ Hcl Domino Version10.0.1 Updatefixpack2
Hcltech ≫ Hcl Domino Version10.0.1 Updatefixpack3
Hcltech ≫ Hcl Domino Version10.0.1 Updatefixpack4
Hcltech ≫ Hcl Domino Version10.0.1 Updatefixpack5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.334 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.