Sign-up

ID

VAR-202211-0385


CVE

CVE-2022-38654


TITLE

HCL Technologies Limited  of  Domino server  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020434

DESCRIPTION

HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. HCL Technologies Limited of Domino server Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-38654 // JVNDB: JVNDB-2022-020434

AFFECTED PRODUCTS

vendor:hcltechmodel:dominoscope:eqversion:9.0.1

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:10.0.1

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:11.0.1

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:10.0.0

Trust: 1.0

vendor:hcltechmodel:dominoscope:eqversion:12.0

Trust: 1.0

vendor:hclmodel:domino serverscope:eqversion:9.0.1

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion:10.0.1

Trust: 0.8

vendor:hclmodel:domino serverscope: - version: -

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion: -

Trust: 0.8

vendor:hclmodel:domino serverscope:eqversion:10.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020434 // NVD: CVE-2022-38654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38654
value: MEDIUM

Trust: 1.0

psirt@hcl.com: CVE-2022-38654
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-38654
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2117
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-38654
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-38654
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020434 // CNNVD: CNNVD-202211-2117 // NVD: CVE-2022-38654 // NVD: CVE-2022-38654

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020434 // NVD: CVE-2022-38654

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2117

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2117

PATCH

title:HCL Technologies HCL Domino Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213292

Trust: 0.6

sources: CNNVD: CNNVD-202211-2117

EXTERNAL IDS

db:NVDid:CVE-2022-38654

Trust: 3.2

db:JVNDBid:JVNDB-2022-020434

Trust: 0.8

db:CNNVDid:CNNVD-202211-2117

Trust: 0.6

sources: JVNDB: JVNDB-2022-020434 // CNNVD: CNNVD-202211-2117 // NVD: CVE-2022-38654

REFERENCES

url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0101017

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-38654

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-38654/

Trust: 0.6

url:https://vigilance.fr/vulnerability/hcl-domino-file-reading-via-ignored-xacl-39844

Trust: 0.6

sources: JVNDB: JVNDB-2022-020434 // CNNVD: CNNVD-202211-2117 // NVD: CVE-2022-38654

SOURCES

db:JVNDBid:JVNDB-2022-020434
db:CNNVDid:CNNVD-202211-2117
db:NVDid:CVE-2022-38654

LAST UPDATE DATE

2024-08-14T14:43:39.634000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-020434date:2023-11-01T08:20:00
db:CNNVDid:CNNVD-202211-2117date:2022-11-08T00:00:00
db:NVDid:CVE-2022-38654date:2023-11-07T03:50:10.510

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-020434date:2023-11-01T00:00:00
db:CNNVDid:CNNVD-202211-2117date:2022-11-04T00:00:00
db:NVDid:CVE-2022-38654date:2022-11-04T21:15:10.710