CVE-2024-30146

EUVD-2024-28082
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.1 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
HCLCNA
4.1 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
hcltechdomino_leap
1.1.3 ≤
𝑥
< 1.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722