CVE-2020-4127

EUVD-2020-25374
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
hcltechhcl_domino
𝑥
< 9.0.1
hcltechhcl_domino
10.0.0 ≤
𝑥
< 10.0.1
hcltechhcl_domino
11.0.0 ≤
𝑥
< 11.0.1
hcltechhcl_domino
9.0.1
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_2
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_3
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_4
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_5
hcltechhcl_domino
10.0.1
hcltechhcl_domino
10.0.1:fixpack1
hcltechhcl_domino
10.0.1:fixpack2
hcltechhcl_domino
10.0.1:fixpack3
hcltechhcl_domino
10.0.1:fixpack4
hcltechhcl_domino
10.0.1:fixpack5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409