CVE-2017-1712

5.9MEDIUM

Key Information:

Vendor: HCL Software
Status: "hcl Domino"
Vendor: CVE Published:; 1 July 2020

Summary

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."

Affected Version(s)

"HCL Domino" "HCL Domino server releases prior to 9.0.1 Fixpack 10. Versions 10 and later are not impacted."

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Nov 30, 2016