ID

VAR-202211-0399


CVE

CVE-2022-38660


TITLE

Cross-site request forgery vulnerability in HCL Technologies Limited Domino server

Trust: 0.8

sources: JVNDB: JVNDB-2022-020433

DESCRIPTION

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged-in user. HCL Technologies Limited's Domino server contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2022-38660 // JVNDB: JVNDB-2022-020433

AFFECTED PRODUCTS

vendor: hcltech, model: domino, scope: eq, version: 9.0.1

Trust: 1.0

vendor: hcltech, model: domino, scope: lt, version: 9.0.1

Trust: 1.0

vendor: hcl, model: domino server, scope: -, version: -

Trust: 0.8

vendor: hcl, model: domino server, scope: eq, version: -

Trust: 0.8

vendor: hcl, model: domino server, scope: eq, version: 9.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-020433 // NVD: CVE-2022-38660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38660
value: HIGH

Trust: 1.0

psirt@hcl.com: CVE-2022-38660
value: HIGH

Trust: 1.0

NVD: CVE-2022-38660
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-2109
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-38660
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@hcl.com: CVE-2022-38660
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-38660
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020433 // CNNVD: CNNVD-202211-2109 // NVD: CVE-2022-38660 // NVD: CVE-2022-38660

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020433 // NVD: CVE-2022-38660

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2109

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202211-2109

PATCH

title: HCL Technologies XPages Fixes for cross-site request forgery vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213291

Trust: 0.6

sources: CNNVD: CNNVD-202211-2109

EXTERNAL IDS

db: NVD, id: CVE-2022-38660

Trust: 3.2

db: JVNDB, id: JVNDB-2022-020433

Trust: 0.8

db: CNNVD, id: CNNVD-202211-2109

Trust: 0.6

sources: JVNDB: JVNDB-2022-020433 // CNNVD: CNNVD-202211-2109 // NVD: CVE-2022-38660

REFERENCES

url:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=kb0101037

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-38660

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-38660/

Trust: 0.6

sources: JVNDB: JVNDB-2022-020433 // CNNVD: CNNVD-202211-2109 // NVD: CVE-2022-38660

SOURCES

db: JVNDB, id: JVNDB-2022-020433
db: CNNVD, id: CNNVD-202211-2109
db: NVD, id: CVE-2022-38660

LAST UPDATE DATE

2024-08-14T13:42:17.980000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-020433, date: 2023-11-01T08:20:00
db: CNNVD, id: CNNVD-202211-2109, date: 2022-11-08T00:00:00
db: NVD, id: CVE-2022-38660, date: 2023-11-07T03:50:11.143

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-020433, date: 2023-11-01T00:00:00
db: CNNVD, id: CNNVD-202211-2109, date: 2022-11-04T00:00:00
db: NVD, id: CVE-2022-38660, date: 2022-11-04T20:15:10.363