ID

VAR-202011-1215


CVE

CVE-2020-4127


TITLE

HCL Domino Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013932

DESCRIPTION

HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. HCL Domino contains a cross-site request forgery vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2020-4127 // JVNDB: JVNDB-2020-013932

AFFECTED PRODUCTS

vendor: hcltech, model: hcl domino, scope: lt, version: 9.0.1

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: eq, version: 10.0.1

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: lt, version: 11.0.1

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: eq, version: 9.0.1

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: gte, version: 11.0.0

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: gte, version: 10.0.0

Trust: 1.0

vendor: hcltech, model: hcl domino, scope: lt, version: 10.0.1

Trust: 1.0

vendor: hcl, model: domino server, scope: -, version: -

Trust: 0.8

vendor: hcl, model: domino server, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013932 // NVD: CVE-2020-4127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4127
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-4127
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-2066
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-4127
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-4127
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-4127
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013932 // CNNVD: CNNVD-202011-2066 // NVD: CVE-2020-4127

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013932 // NVD: CVE-2020-4127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-2066

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202011-2066

PATCH

title: KB0085409, url: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409

Trust: 0.8

title: Hcl Technologies Domino Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135873

Trust: 0.6

sources: JVNDB: JVNDB-2020-013932 // CNNVD: CNNVD-202011-2066

EXTERNAL IDS

db: NVD, id: CVE-2020-4127

Trust: 2.4

db: JVNDB, id: JVNDB-2020-013932

Trust: 0.8

db: CNNVD, id: CNNVD-202011-2066

Trust: 0.6

sources: JVNDB: JVNDB-2020-013932 // CNNVD: CNNVD-202011-2066 // NVD: CVE-2020-4127

REFERENCES

url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0085409

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-4127

Trust: 1.4

url:https://vigilance.fr/vulnerability/hcl-domino-cross-site-request-forgery-via-login-33999

Trust: 0.6

sources: JVNDB: JVNDB-2020-013932 // CNNVD: CNNVD-202011-2066 // NVD: CVE-2020-4127

SOURCES

db: JVNDB, id: JVNDB-2020-013932
db: CNNVD, id: CNNVD-202011-2066
db: NVD, id: CVE-2020-4127

LAST UPDATE DATE

2024-11-23T22:29:26.229000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-013932, date: 2021-07-16T01:54:00
db: CNNVD, id: CNNVD-202011-2066, date: 2020-12-07T00:00:00
db: NVD, id: CVE-2020-4127, date: 2024-11-21T05:32:17.997

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-013932, date: 2021-07-16T00:00:00
db: CNNVD, id: CNNVD-202011-2066, date: 2020-11-30T00:00:00
db: NVD, id: CVE-2020-4127, date: 2020-11-30T22:15:11.167