TLS Protocol Vulnerability in Domino Server by HCL Technologies
CVE-2017-1712

5.9MEDIUM

Key Information:

Vendor: HCL Software
Status: "hcl Domino"
Vendor: CVE Published:; 1 July 2020

Summary

A vulnerability exists in the TLS protocol implementation of HCL's Domino server that may allow an unauthenticated remote attacker to exploit a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. This flaw enables malicious actors to iteratively probe the targeted server, leveraging a suboptimal TLS stack to potentially recover and decrypt previously captured sessions, thereby compromising sensitive information.

Affected Version(s)

"HCL Domino" "HCL Domino server releases prior to 9.0.1 Fixpack 10. Versions 10 and later are not impacted."

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Nov 30, 2016