CVE-2020-4129

HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
HCLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
hcltechhcl_domino
𝑥
< 9.0.1
hcltechhcl_domino
10.0.0 ≤
𝑥
< 10.0.1
hcltechhcl_domino
11.0.0 ≤
𝑥
< 11.0.1
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_2
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_3
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_4
hcltechhcl_domino
9.0.1:feature_pack_10_interim_fix_5
hcltechhcl_domino
10.0.1:fixpack1
hcltechhcl_domino
10.0.1:fixpack2
hcltechhcl_domino
10.0.1:fixpack3
hcltechhcl_domino
10.0.1:fixpack4
hcltechhcl_domino
10.0.1:fixpack5
𝑥
= Vulnerable software versions
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085407
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085407