HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability
CVE-2023-28015

5.3MEDIUM

Key Information:

Vendor: HCL Software
Status: Domino AppDev Pack
Vendor: CVE Published:; 23 May 2023

Summary

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.

Affected Version(s)

Domino AppDev Pack < 1.0.6

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Mar 10, 2023