Information Leakage in HCL Notes Affects Multiple Versions
CVE-2020-4089

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Notes
Vendor: CVE Published:; 26 June 2020

Summary

HCL Notes is susceptible to information leakage via the 'mailto' protocol, which may allow unauthorized third parties to access files from the user's local filesystem or connected network filesystems. This issue affects all versions of HCL Notes 9, 10, and 11, potentially exposing sensitive data if exploited.

Affected Version(s)

HCL Notes All versions of HCL Notes v9

HCL Notes All versions of HCL Notes v10

HCL Notes All versions of HCL Notes v11

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2020
Vulnerability Reserved
Dec 30, 2019