CVE-2020-4089

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Notes
Vendor: CVE Published:; 26 June 2020

Summary

HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.

Affected Version(s)

HCL Notes All versions of HCL Notes v9

HCL Notes All versions of HCL Notes v10

HCL Notes All versions of HCL Notes v11

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2020
Vulnerability Reserved
Dec 30, 2019