Details of VAR-202011-0097

ID

VAR-202011-0097

CVE

CVE-2020-14234

TITLE

HCL Domino Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013660

DESCRIPTION

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. HCL Domino is a server of collaborative client-server software platform. The vulnerability stems from improper validation of input provided by the user. Attackers can use this vulnerability to cause the server to crash

Trust: 2.16

sources: NVD: CVE-2020-14234 // JVNDB: JVNDB-2020-013660 // CNVD: CNVD-2020-66308

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-66308

AFFECTED PRODUCTS

vendor:	hcltech	model:	domino	scope:	lt	version:	9.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	lt	version:	10.0.1	Trust: 1.0
vendor:	hcl	model:	domino server	scope:	eq	version:	9.0.1 fp10 if6	Trust: 0.8
vendor:	hcl	model:	domino server	scope:	eq	version:	-	Trust: 0.8
vendor:	hcl	model:	domino server	scope:	eq	version:	10.0.1	Trust: 0.8
vendor:	hcl	model:	domino fp10 if6	scope:	lt	version:	9.0.1	Trust: 0.6
vendor:	hcl	model:	domino	scope:	lt	version:	10.0.1	Trust: 0.6

sources: CNVD: CNVD-2020-66308 // JVNDB: JVNDB-2020-013660 // NVD: CVE-2020-14234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14234
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-14234
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-66308
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202011-1759
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14234
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-66308
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14234
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14234
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-66308 // JVNDB: JVNDB-2020-013660 // CNNVD: CNNVD-202011-1759 // NVD: CVE-2020-14234

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013660 // NVD: CVE-2020-14234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1759

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1759

PATCH

title:	KB0085302	url:	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302&sys_kb_id=6477fa8adbaca854a45ad9fcd39619ed	Trust: 0.8
title:	Patch for HCL Domino Denial of Service Vulnerability (CNVD-2020-66308)	url:	https://www.cnvd.org.cn/patchInfo/show/241153	Trust: 0.6
title:	HCL Technologies Domino Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135529	Trust: 0.6

sources: CNVD: CNVD-2020-66308 // JVNDB: JVNDB-2020-013660 // CNNVD: CNNVD-202011-1759

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14234	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-013660	Trust: 0.8
db:	CNVD	id:	CNVD-2020-66308	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1759	Trust: 0.6

sources: CNVD: CNVD-2020-66308 // JVNDB: JVNDB-2020-013660 // CNNVD: CNNVD-202011-1759 // NVD: CVE-2020-14234

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-14234	Trust: 2.0
url:	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0085302	Trust: 1.6
url:	https://vigilance.fr/vulnerability/hcl-domino-denial-of-service-via-email-message-33947	Trust: 0.6

sources: CNVD: CNVD-2020-66308 // JVNDB: JVNDB-2020-013660 // CNNVD: CNNVD-202011-1759 // NVD: CVE-2020-14234

SOURCES

db:	CNVD	id:	CNVD-2020-66308
db:	JVNDB	id:	JVNDB-2020-013660
db:	CNNVD	id:	CNNVD-202011-1759
db:	NVD	id:	CVE-2020-14234

LAST UPDATE DATE

2024-11-23T21:35:09.003000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-66308	date:	2020-11-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-013660	date:	2021-07-09T06:23:00
db:	CNNVD	id:	CNNVD-202011-1759	date:	2020-12-02T00:00:00
db:	NVD	id:	CVE-2020-14234	date:	2024-11-21T05:02:54.227

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-66308	date:	2020-11-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-013660	date:	2021-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202011-1759	date:	2020-11-20T00:00:00
db:	NVD	id:	CVE-2020-14234	date:	2020-11-21T18:15:11.680