Sensitive Cookie Exposure in HCL iNotes by HCL Technologies
CVE-2020-4126

5.9MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Inotes
Vendor: CVE Published:; 1 December 2020

Summary

HCL iNotes is vulnerable to a sensitive cookie exposure issue that allows an unauthenticated remote attacker to capture sensitive cookies by intercepting their transmission over HTTP sessions. This exposes users to the risk of session hijacking and unauthorized access. Users are strongly encouraged to upgrade to the latest versions of HCL Domino and HCL iNotes, specifically 10.0.1 FP6 and 11.0.1 FP2 or later, to mitigate this vulnerability.

Affected Version(s)

HCL iNotes v10.0.1 FP6, v11.0.1 FP2 and later

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2020
Vulnerability Reserved
Dec 30, 2019