cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-30132,https://securityvulnerability.io/vulnerability/CVE-2024-30132,security vulnerability in Nomad server on Domino could expose sensitive information,HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.,Hcl Software,Nomad Server On Domino,3.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-01T12:10:08.679Z,0
CVE-2024-30130,https://securityvulnerability.io/vulnerability/CVE-2024-30130,Cache Vulnerability Threatens Sensitive Information in HCL Nomad server on Domino,HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.,Hcl Software,Nomad Server On Domino,3.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-19T02:15:00.000Z,0
CVE-2024-23562,https://securityvulnerability.io/vulnerability/CVE-2024-23562,HCL Domino Security Vulnerability Could Lead to Sensitive Configuration Information Disclosure,"A security vulnerability has been identified in HCL Domino, allowing remote unauthenticated attackers to potentially expose sensitive configuration information. By exploiting this flaw, attackers may gather critical insights to launch further targeted attacks on the affected systems, posing significant risks to data integrity and system security.",Hcl Software,Domino Server,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-07-08T15:57:08.805Z,0
CVE-2024-23588,https://securityvulnerability.io/vulnerability/CVE-2024-23588,Possible Denial of Service Vulnerability in Nomad Server on Domino,HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.,Hcl Software,Nomad Server On Domino,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-05T13:08:46.782Z,0
CVE-2023-37539,https://securityvulnerability.io/vulnerability/CVE-2023-37539,HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability,"The HCL Domino Catalog template contains a Stored Cross-Site Scripting (XSS) vulnerability that can be exploited by an attacker with document editing permissions within the catalog application. By embedding malicious scripts, the attacker can activate the payload upon user interaction, leading to potential data breaches or unauthorized actions. This risk highlights the importance of input validation and stringent access controls to prevent such injection attacks.",Hcl Software,Domino Server,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-06T22:43:59.255Z,0
CVE-2023-37495,https://securityvulnerability.io/vulnerability/CVE-2023-37495,HCL Domino is susceptible to a weak cryptography vulnerability,"A security issue has been identified in the HCL Domino® Directory, where internet passwords stored in Person documents are protected using a cryptographically weak hash algorithm. This vulnerability affects documents created through the 'Add Person' action within the People & Groups tab of the Domino® Administrator. Attackers with access to the hashed values may exploit this flaw, potentially revealing user passwords through methods such as brute force attacks. It is important to note that Person documents generated via user registration processes are not affected by this vulnerability.",Hcl Software,Hcl Domino Server,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:40:00.000Z,0
CVE-2023-28010,https://securityvulnerability.io/vulnerability/CVE-2023-28010,HCL Domino is susceptible to a sensitive information disclosure vulnerability,"In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. ",Hcl Software,Hcl Domino Server,5.3,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-09-08T18:15:00.000Z,0
CVE-2023-28015,https://securityvulnerability.io/vulnerability/CVE-2023-28015,HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability,"The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users. ",HCL Software Software,Domino Appdev Pack,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-05-23T22:15:00.000Z,0
CVE-2022-44750,https://securityvulnerability.io/vulnerability/CVE-2022-44750,"HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. ","HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.  This vulnerability applies to software previously licensed by IBM. ",Hcl Software,Domino,9.8,CRITICAL,0.0011899999808520079,false,,false,false,false,,,false,false,,2022-12-19T11:15:00.000Z,0
CVE-2022-44752,https://securityvulnerability.io/vulnerability/CVE-2022-44752,HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView,"HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM. ",Hcl Software,Domino,9.8,CRITICAL,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-12-19T11:15:00.000Z,0
CVE-2022-44754,https://securityvulnerability.io/vulnerability/CVE-2022-44754,HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.,"HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM. ",Hcl Software,Domino,9.8,CRITICAL,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-12-17T03:33:30.577Z,0
CVE-2022-38654,https://securityvulnerability.io/vulnerability/CVE-2022-38654,HCL Domino is susceptible to an information disclosure vulnerability,"HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. ",Hcl Software,Hcl Domino,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-04T20:19:37.257Z,0
CVE-2022-38660,https://securityvulnerability.io/vulnerability/CVE-2022-38660,HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability,"HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.   ",Hcl Software,Hcl Domino,8.3,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2022-11-04T19:57:02.979Z,0
CVE-2020-4107,https://securityvulnerability.io/vulnerability/CVE-2020-4107,HCL Domino is affected by an Insufficient Access Control vulnerability,"HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.",Hcl Software,Hcl Domino,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-19T22:15:00.000Z,0
CVE-2020-14273,https://securityvulnerability.io/vulnerability/CVE-2020-14273,Denial of Service Vulnerability in HCL Domino,"HCL Domino is exposed to a Denial of Service (DoS) threat resulting from inadequate validation of input in its public API. This allows unauthenticated attackers to exploit the flaw, potentially leading to server crashes and significant disruptions in service availability.",HCL Software,Hcl Domino,7.5,HIGH,0.0021100000012665987,false,,false,false,false,,,false,false,,2020-12-28T19:06:36.000Z,0
CVE-2020-14270,https://securityvulnerability.io/vulnerability/CVE-2020-14270,Information Disclosure Vulnerability in HCL Domino XPages,"HCL Domino versions 9, 10, and 11 have a vulnerability in the XPages component that can lead to information disclosure due to inadequate error handling of user input. An attacker without authentication could exploit this flaw to extract sensitive information about the XPages environment hosted on the Domino server, potentially aiding in further attacks. Organizations should implement security best practices to mitigate the risks associated with this vulnerability.",HCL Software,Hcl Domino,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-12-22T20:06:31.000Z,0
CVE-2020-14244,https://securityvulnerability.io/vulnerability/CVE-2020-14244,Stack Buffer Overflow in Domino Server by HCL Technologies,"A vulnerability exists in how the Domino server processes MIME messages, particularly in versions 9 and 10. This flaw may be exploited by an unauthenticated attacker, potentially leading to a stack buffer overflow. If successfully executed, this could cause the server to crash or allow the attacker to inject malicious code, which would then execute with the server's privileges. It highlights the importance of securing your server configurations to prevent unauthorized access.",HCL Software,Hcl Domino,9.8,CRITICAL,0.00892999954521656,false,,false,false,false,,,false,false,,2020-12-14T15:39:08.000Z,0
CVE-2020-14260,https://securityvulnerability.io/vulnerability/CVE-2020-14260,Buffer Overflow Vulnerability in HCL Domino Software,"HCL Domino contains a Buffer Overflow vulnerability stemming from inadequate user input validation in its DXL processing. This weakness may allow an attacker to exploit the system, potentially leading to a crash or execution of malicious code on the server. Ensuring proper input sanitization is crucial to protect against such threats.",HCL Software,Hcl Domino,9.8,CRITICAL,0.0024999999441206455,false,,false,false,false,,,false,false,,2020-12-02T00:58:57.000Z,0
CVE-2020-4128,https://securityvulnerability.io/vulnerability/CVE-2020-4128,Lockout Policy Bypass Vulnerability in HCL Domino ID Vault Service,"HCL Domino is exposed to a lockout policy bypass vulnerability that affects its ID Vault service. This flaw allows unauthenticated attackers to circumvent the security controls intended to protect user accounts, potentially enabling them to execute brute force attacks. When exploited, this vulnerability can compromise the integrity of the ID Vault, leading to unauthorized access and data breaches. Organizations using this service should be vigilant and implement appropriate security measures to mitigate the risk.",HCL Software,Hcl Domino,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-12-01T13:12:37.000Z,0
CVE-2020-4129,https://securityvulnerability.io/vulnerability/CVE-2020-4129,LDAP Service Lockout Policy Bypass in HCL Domino,"HCL Domino is affected by a vulnerability in its LDAP service that allows an unauthenticated attacker to bypass lockout policies. This could enable attackers to conduct brute force attacks on the LDAP service, potentially compromising the security of sensitive data. To mitigate this risk, users are advised to upgrade to the patched versions of HCL Domino.",HCL Software,Hcl Domino,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-12-01T00:15:00.000Z,0
CVE-2020-4127,https://securityvulnerability.io/vulnerability/CVE-2020-4127,Login CSRF Vulnerability in HCL Domino,"HCL Domino is impacted by a Login Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to exploit a user's session with valid credentials. By manipulating user interactions, an attacker can trick a user into accessing systems under a different identity. This vulnerability not only compromises individual user accounts but may also provide unauthorized access to internal systems from external networks. Users are strongly encouraged to upgrade to the latest versions of HCL Domino to mitigate this risk. Relevant patches have been released in versions 9.0.1 FP10 IF6, 10.0.1 FP6, and 11.0.1 FP1 and later.",HCL Software,Hcl Domino,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-11-30T21:41:53.000Z,0
CVE-2020-14230,https://securityvulnerability.io/vulnerability/CVE-2020-14230,Denial of Service Vulnerability in HCL Domino,"HCL Domino is vulnerable to a Denial of Service flaw that arises from inadequate validation of user-supplied input. This vulnerability can be exploited by remote unauthenticated attackers who send specially-crafted email messages, potentially causing the server to hang and disrupt service. It is critical for users running versions prior to 9.0.1 FP10 IF6, 10.0.1 FP5, and 11.0.1 to take immediate action to mitigate this risk.",HCL Software,Hcl Domino,7.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2020-11-21T17:27:03.000Z,0
CVE-2020-14234,https://securityvulnerability.io/vulnerability/CVE-2020-14234,Denial of Service Vulnerability in HCL Domino,"HCL Domino is exposed to a Denial of Service vulnerability due to inadequate validation of user-supplied input, allowing attackers to potentially crash the server. This issue impacts versions prior to 9.0.1 FP10 IF6 as well as version 10.0.1, posing a risk to server availability and stability.",HCL Software,Hcl Domino,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-11-21T17:05:15.000Z,0
CVE-2017-1712,https://securityvulnerability.io/vulnerability/CVE-2017-1712,TLS Protocol Vulnerability in Domino Server by HCL Technologies,"A vulnerability exists in the TLS protocol implementation of HCL's Domino server that may allow an unauthenticated remote attacker to exploit a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. This flaw enables malicious actors to iteratively probe the targeted server, leveraging a suboptimal TLS stack to potentially recover and decrypt previously captured sessions, thereby compromising sensitive information.",HCL Software,"""hcl Domino""",5.9,MEDIUM,0.0022299999836832285,false,,false,false,false,,,false,false,,2020-07-01T13:47:50.000Z,0