7.5

CVE-2023-37517

Medienbericht

HCL Domino Volt and Domino Leap are affected by missing "no cache" headers

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HcltechDomino Leap Version >= 1.1 < 1.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.087
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com 3.2 1.5 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722
Vendor Advisory