CVE-2020-14225

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
HCLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
hcltechhcl_inotes
10.0.1
hcltechhcl_inotes
10.0.1:fixpack1
hcltechhcl_inotes
10.0.1:fixpack2
hcltechhcl_inotes
10.0.1:fixpack3
hcltechhcl_inotes
10.0.1:fixpack4
hcltechhcl_inotes
11.0.0
hcltechswhcl_inotes
𝑥
< 9.0.1
hcltechswhcl_inotes
9.0.1:fixpack_8
hcltechswhcl_inotes
9.0.1:fixpack_9
hcltechswhcl_inotes
9.0.1:fixpack_9_interim_fix_1
𝑥
= Vulnerable software versions
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915