Tabnabbing Vulnerability in HCL iNotes
CVE-2020-14225

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Inotes
Vendor: CVE Published:; 21 December 2020

Summary

HCL iNotes is impacted by a Tabnabbing vulnerability resulting from inadequate sanitization of message content. This flaw enables an unauthenticated remote attacker to craft malicious links that deceive users into entering their sensitive information, such as login credentials, through a phishing scheme. Users may unknowingly interact with these deceptive forms, posing considerable risks to account security and personal data integrity.

Affected Version(s)

HCL iNotes versions previous to releases 9.0.1 FP10 IF6

HCL iNotes 10.0.1 FP5 and 11.0.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2020
Vulnerability Reserved
Jun 17, 2020