7.5
CVE-2023-37517
- EPSS 0.16%
- Veröffentlicht 30.04.2025 21:11:44
- Zuletzt bearbeitet 30.10.2025 20:35:18
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL Domino Volt and Domino Leap are affected by missing "no cache" headers
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Domino Leap Version >= 1.1 < 1.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.363 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@hcl.com | 3.2 | 1.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
|
CWE-524 Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.