Sign-up

ID

VAR-202012-0051


CVE

CVE-2020-14270


TITLE

HCL Domino  Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014747

DESCRIPTION

HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. HCL Domino Is vulnerable to handling exceptional conditions.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-14270 // JVNDB: JVNDB-2020-014747

AFFECTED PRODUCTS

vendor:hcltechmodel:dominoscope:lteversion:10.0.0

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:11.0.0

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:11.0.1

Trust: 1.0

vendor:hcltechmodel:dominoscope:gteversion:9.0.0

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:10.0.1

Trust: 1.0

vendor:hclmodel:domino serverscope:eqversion: -

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion:10

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion:9

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion:11

Trust: 0.8

sources: JVNDB: JVNDB-2020-014747 // NVD: CVE-2020-14270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14270
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-14270
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202012-1298
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-14270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-14270
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-14270
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-014747 // CNNVD: CNNVD-202012-1298 // NVD: CVE-2020-14270

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype:Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014747 // NVD: CVE-2020-14270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1298

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1298

PATCH

title:KB0085881url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085881

Trust: 0.8

sources: JVNDB: JVNDB-2020-014747

EXTERNAL IDS

db:NVDid:CVE-2020-14270

Trust: 2.4

db:JVNDBid:JVNDB-2020-014747

Trust: 0.8

db:CNNVDid:CNNVD-202012-1298

Trust: 0.6

sources: JVNDB: JVNDB-2020-014747 // CNNVD: CNNVD-202012-1298 // NVD: CVE-2020-14270

REFERENCES

url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0085881

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-14270

Trust: 1.4

url:https://vigilance.fr/vulnerability/hcl-domino-information-disclosure-via-xpages-34160

Trust: 0.6

sources: JVNDB: JVNDB-2020-014747 // CNNVD: CNNVD-202012-1298 // NVD: CVE-2020-14270

SOURCES

db:JVNDBid:JVNDB-2020-014747
db:CNNVDid:CNNVD-202012-1298
db:NVDid:CVE-2020-14270

LAST UPDATE DATE

2024-11-23T22:25:14.965000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-014747date:2021-08-30T08:30:00
db:CNNVDid:CNNVD-202012-1298date:2020-12-24T00:00:00
db:NVDid:CVE-2020-14270date:2024-11-21T05:02:55.750

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-014747date:2021-08-30T00:00:00
db:CNNVDid:CNNVD-202012-1298date:2020-12-17T00:00:00
db:NVDid:CVE-2020-14270date:2020-12-22T21:15:12.617