CVE-2022-38654

EPSS 0.08%
Veröffentlicht 04.11.2022 21:15:10
Zuletzt bearbeitet 21.11.2024 07:16:52
Quelle psirt@hcl.com
Teams Watchlist Login
Unerledigt Login

HCL Domino is susceptible to an information disclosure vulnerability.  In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions.  An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Domino Version9.0.1 Update-

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_10_interim_fix_3

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_10_interim_fix_4

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_10_interim_fix_5

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_8

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_8_interim_fix_1

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_8_interim_fix_2

Hcltech ≫ Domino Version9.0.1 Updatefeature_pack_8_interim_fix_3

Hcltech ≫ Domino Version9.0.1 Updatefixpack_3

Hcltech ≫ Domino Version9.0.1 Updatefixpack_4

Hcltech ≫ Domino Version9.0.1 Updatefixpack_5

Hcltech ≫ Domino Version9.0.1 Updatefixpack_6

Hcltech ≫ Domino Version9.0.1 Updatefixpack_7

Hcltech ≫ Domino Version9.0.1 Updatefixpack_8

Hcltech ≫ Domino Version9.0.1 Updatefixpack_9

Hcltech ≫ Domino Version10.0.0

Hcltech ≫ Domino Version10.0.1 Update-

Hcltech ≫ Domino Version10.0.1 Updatefixpack_1

Hcltech ≫ Domino Version10.0.1 Updatefixpack_2

Hcltech ≫ Domino Version10.0.1 Updatefixpack_3

Hcltech ≫ Domino Version10.0.1 Updatefixpack_4

Hcltech ≫ Domino Version10.0.1 Updatefixpack_5

Hcltech ≫ Domino Version10.0.1 Updatefixpack_6

Hcltech ≫ Domino Version10.0.1 Updatefixpack_7

Hcltech ≫ Domino Version11.0.1 Update-

Hcltech ≫ Domino Version11.0.1 Updatefixpack_1

Hcltech ≫ Domino Version11.0.1 Updatefixpack_2

Hcltech ≫ Domino Version11.0.1 Updatefixpack_3

Hcltech ≫ Domino Version11.0.1 Updatefixpack_4

Hcltech ≫ Domino Version11.0.1 Updatefixpack_5

Hcltech ≫ Domino Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.231

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101017

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-38654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38654

EUVD