ID

VAR-202208-1939


CVE

CVE-2022-27558


TITLE

Weak password requirements vulnerability in HCL Technologies Limited Domino server and HCL iNotes

Trust: 0.8

sources: JVNDB: JVNDB-2022-016004

DESCRIPTION

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms, which could allow users to set weak passwords, leading to easier cracking. HCL Technologies Limited's Domino server and HCL iNotes contain a weak password requirement vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2022-27558 // JVNDB: JVNDB-2022-016004

AFFECTED PRODUCTS

vendor: hcltech, model: domino, scope: eq, version: 12.0.1

Trust: 1.0

vendor: hcltech, model: hcl inotes, scope: eq, version: 12.0.1

Trust: 1.0

vendor: hcl, model: domino server, scope: -, version: -

Trust: 0.8

vendor: hcl, model: inotes, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016004 // NVD: CVE-2022-27558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27558
value: HIGH

Trust: 1.0

psirt@hcl.com: CVE-2022-27558
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27558
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-4034
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-27558
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@hcl.com: CVE-2022-27558
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-27558
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016004 // CNNVD: CNNVD-202208-4034 // NVD: CVE-2022-27558 // NVD: CVE-2022-27558

PROBLEMTYPE DATA

problemtype: CWE-521

Trust: 1.0

problemtype: Weak password requirements (CWE-521) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-016004 // NVD: CVE-2022-27558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-4034

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4034

EXTERNAL IDS

db: NVD, id: CVE-2022-27558

Trust: 3.2

db: JVNDB, id: JVNDB-2022-016004

Trust: 0.8

db: CNNVD, id: CNNVD-202208-4034

Trust: 0.6

sources: JVNDB: JVNDB-2022-016004 // CNNVD: CNNVD-202208-4034 // NVD: CVE-2022-27558

REFERENCES

url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0100217

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-27558

Trust: 0.8

url:https://vigilance.fr/vulnerability/hcl-domino-inotes-user-access-via-password-strength-checks-39119

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-27558/

Trust: 0.6

sources: JVNDB: JVNDB-2022-016004 // CNNVD: CNNVD-202208-4034 // NVD: CVE-2022-27558

SOURCES

db: JVNDB, id: JVNDB-2022-016004
db: CNNVD, id: CNNVD-202208-4034
db: NVD, id: CVE-2022-27558

LAST UPDATE DATE

2024-08-14T15:21:38.889000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-016004, date: 2023-09-29T08:07:00
db: CNNVD, id: CNNVD-202208-4034, date: 2022-09-02T00:00:00
db: NVD, id: CVE-2022-27558, date: 2022-09-01T20:54:28.977

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-016004, date: 2023-09-29T00:00:00
db: CNNVD, id: CNNVD-202208-4034, date: 2022-08-25T00:00:00
db: NVD, id: CVE-2022-27558, date: 2022-08-29T16:15:08.573