CVE-2020-4097

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
HCLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
hcltechnotes
9.0 ≤
𝑥
≤ 9.0.1
hcltechnotes
11.0 ≤
𝑥
≤ 11.0.1
hcltechnotes
9.0.1:fp10
hcltechnotes
9.0.1:fp10if1
hcltechnotes
9.0.1:fp10if2
hcltechnotes
9.0.1:fp10if3
hcltechnotes
9.0.1:fp10if4
hcltechnotes
9.0.1:fp10if5
hcltechnotes
9.0.1:fp10if6
hcltechnotes
9.0.1:fp10if7
hcltechnotes
9.0.1:fp1if1
hcltechnotes
9.0.1:fp1if2
hcltechnotes
9.0.1:fp2if1
hcltechnotes
9.0.1:fp2if2
hcltechnotes
9.0.1:fp2if3
hcltechnotes
9.0.1:fp2if4
hcltechnotes
9.0.1:fp3if1
hcltechnotes
9.0.1:fp3if2
hcltechnotes
9.0.1:fp3if3
hcltechnotes
9.0.1:fp3if4
hcltechnotes
9.0.1:fp4if1
hcltechnotes
9.0.1:fp4if2
hcltechnotes
9.0.1:fp5if1
hcltechnotes
9.0.1:fp5if2
hcltechnotes
9.0.1:fp5if3
hcltechnotes
9.0.1:fp7if1
hcltechnotes
9.0.1:fp7if2
hcltechnotes
9.0.1:fp8if1
hcltechnotes
9.0.1:fp9if1
hcltechnotes
9.0.1:fp9if2
hcltechnotes
10.0.0:fp1
hcltechnotes
10.0.0:fp2
hcltechnotes
10.0.0:fp3
hcltechnotes
10.0.0:fp4
hcltechnotes
10.0.0:fp5
hcltechnotes
10.0.1:fp1
hcltechnotes
10.0.1:fp2
hcltechnotes
10.0.1:fp3
hcltechnotes
10.0.1:fp4
hcltechnotes
10.0.1:fp5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796