CVE-2020-4102

Published Dec 2, 2020

Last updated 4 years ago

CVSS medium 6.7

Overview

Description: HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
Source: psirt@hcl.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "071126BF-BD0E-4134-B5D2-81DC9A37CD9A",
            "versionEndIncluding": "9.0.1",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3C46D23-F52D-46D7-973B-FEF916ECD181"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06AD0ACF-704C-4BBE-9059-1A1E9008D7A4"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:notes:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBE658FD-FD4C-4BB8-9AD7-6AB40AB1BDC2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References