Login CSRF Vulnerability in HCL Domino
CVE-2020-4127

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 30 November 2020

What is CVE-2020-4127?

HCL Domino is affected by a Login Cross-Site Request Forgery (CSRF) vulnerability. An attacker who holds valid credentials can manipulate a user's interactions so that the user accesses systems under a different identity. This compromises individual user accounts and may also give unauthorized access to internal systems from external networks. Users are strongly encouraged to upgrade to the latest versions of HCL Domino to mitigate this risk. Patches have been released in versions 9.0.1 FP10 IF6, 10.0.1 FP6, and 11.0.1 FP1 and later.

Affected Version(s)

HCL Domino v9.0.1 FP10 IF6, v10.0.1 FP6, v11.0.1 FP1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved