CVE-2022-38660

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability.  An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
HCLCNA
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
hcltechdomino
𝑥
< 9.0.1
hcltechdomino
9.0.1:feature_pack_10_interim_fix_3
hcltechdomino
9.0.1:feature_pack_10_interim_fix_4
hcltechdomino
9.0.1:feature_pack_10_interim_fix_5
hcltechdomino
9.0.1:feature_pack_8
hcltechdomino
9.0.1:feature_pack_8_interim_fix_1
hcltechdomino
9.0.1:feature_pack_8_interim_fix_2
hcltechdomino
9.0.1:feature_pack_8_interim_fix_3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037