CVE-2020-14230

Description

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.

Related CPE's

ahcltechdomino********

vulnerable

ahcltechdomino9.0.1-******

vulnerable

ahcltechdomino9.0.1feature_pack_10_interim_fix_3******

vulnerable

ahcltechdomino9.0.1feature_pack_10_interim_fix_4******

vulnerable

ahcltechdomino9.0.1feature_pack_8******

vulnerable

ahcltechdomino9.0.1feature_pack_8_interim_fix_1******

vulnerable

ahcltechdomino9.0.1feature_pack_8_interim_fix_2******

vulnerable

ahcltechdomino9.0.1feature_pack_8_interim_fix_3******

vulnerable

ahcltechdomino********

vulnerable

ahcltechdomino10.0.1-******

vulnerable

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303

Patch

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE