7.5
CVE-2022-27558
- EPSS 0.22%
- Veröffentlicht 29.08.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:55:57
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Hcl Inotes Version12.0.1 Update-
Hcltech ≫ Hcl Inotes Version12.0.1 Updatefixpack_1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.448 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@hcl.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.