Details of VAR-202208-1912

ID

VAR-202208-1912

CVE

CVE-2022-27547

TITLE

HCL Technologies Limited of HCL iNotes and Domino server Open redirect vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016005

DESCRIPTION

HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. HCL Technologies Limited of HCL iNotes and Domino server Exists in an open redirect vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-27547 // JVNDB: JVNDB-2022-016005

AFFECTED PRODUCTS

vendor:	hcltech	model:	domino	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	12.0	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	12.0	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	10.0	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	9.0	Trust: 1.0
vendor:	hcltech	model:	domino	scope:	eq	version:	11.0	Trust: 1.0
vendor:	hcltech	model:	hcl inotes	scope:	eq	version:	11.0	Trust: 1.0
vendor:	hcl	model:	domino server	scope:	-	version:	-	Trust: 0.8
vendor:	hcl	model:	inotes	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016005 // NVD: CVE-2022-27547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-27547
value:	HIGH
Trust: 1.0
psirt@hcl.com:	CVE-2022-27547
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-27547
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-4029
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-27547
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0
psirt@hcl.com:	CVE-2022-27547
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27547
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016005 // CNNVD: CNNVD-202208-4029 // NVD: CVE-2022-27547 // NVD: CVE-2022-27547

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.0
problemtype:	Open redirect (CWE-601) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-016005 // NVD: CVE-2022-27547

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-4029

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202208-4029

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27547	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-016005	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-4029	Trust: 0.6

sources: JVNDB: JVNDB-2022-016005 // CNNVD: CNNVD-202208-4029 // NVD: CVE-2022-27547

REFERENCES

url:	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0100212	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27547	Trust: 0.8
url:	https://vigilance.fr/vulnerability/hcl-domino-inotes-information-disclosure-via-non-existent-domain-link-39118	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-27547/	Trust: 0.6

sources: JVNDB: JVNDB-2022-016005 // CNNVD: CNNVD-202208-4029 // NVD: CVE-2022-27547

SOURCES

db:	JVNDB	id:	JVNDB-2022-016005
db:	CNNVD	id:	CNNVD-202208-4029
db:	NVD	id:	CVE-2022-27547

LAST UPDATE DATE

2024-08-14T15:37:27.702000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-016005	date:	2023-09-29T08:07:00
db:	CNNVD	id:	CNNVD-202208-4029	date:	2022-09-02T00:00:00
db:	NVD	id:	CVE-2022-27547	date:	2022-09-01T20:54:00.237

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-016005	date:	2023-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202208-4029	date:	2022-08-25T00:00:00
db:	NVD	id:	CVE-2022-27547	date:	2022-08-29T16:15:08.507