CVE-2020-14225

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Inotes
Vendor: CVE Published:; 21 December 2020

Summary

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.

Affected Version(s)

HCL iNotes versions previous to releases 9.0.1 FP10 IF6

HCL iNotes 10.0.1 FP5 and 11.0.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2020
Vulnerability Reserved
Jun 17, 2020