Lucene search

HCLCVE-2020-14268

HistoryDec 14, 2020 - 4:15 p.m.

CVE-2020-14268

2020-12-1416:15:11

CWE-787

HCL

web.nvd.nist.gov

cve-2020-14268

notes client

mime

message handling

vulnerability

unauthenticated attacker

stack buffer overflow

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.

Affected configurations

Nvd

Node

hcltechnotesRange9.0–9.0.1

hcltechnotesRange10.0–10.0.1

hcltechnotesMatch9.0.1-

hcltechnotesMatch9.0.1fp10

hcltechnotesMatch9.0.1fp10if1

hcltechnotesMatch9.0.1fp10if2

hcltechnotesMatch9.0.1fp10if3

hcltechnotesMatch9.0.1fp10if4

hcltechnotesMatch9.0.1fp10if5

hcltechnotesMatch9.0.1fp10if6

hcltechnotesMatch9.0.1fp10if7

hcltechnotesMatch9.0.1fp1if1

hcltechnotesMatch9.0.1fp1if2

hcltechnotesMatch9.0.1fp2if1

hcltechnotesMatch9.0.1fp2if2

hcltechnotesMatch9.0.1fp2if3

hcltechnotesMatch9.0.1fp2if4

hcltechnotesMatch9.0.1fp3if1

hcltechnotesMatch9.0.1fp3if2

hcltechnotesMatch9.0.1fp3if3

hcltechnotesMatch9.0.1fp3if4

hcltechnotesMatch9.0.1fp4if1

hcltechnotesMatch9.0.1fp4if2

hcltechnotesMatch9.0.1fp5if1

hcltechnotesMatch9.0.1fp5if2

hcltechnotesMatch9.0.1fp5if3

hcltechnotesMatch9.0.1fp7if1

hcltechnotesMatch9.0.1fp7if2

hcltechnotesMatch9.0.1fp8if1

hcltechnotesMatch9.0.1fp9if1

hcltechnotesMatch9.0.1fp9if2

hcltechnotesMatch10.0.1-

hcltechnotesMatch10.0.1fp1

hcltechnotesMatch10.0.1fp2

hcltechnotesMatch10.0.1fp3

VendorProductVersionCPE
hcltechnotes*cpe:2.3:a:hcltech:notes:*:*:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*
hcltechnotes9.0.1cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcltech	notes	*	cpe:2.3:a:hcltech:notes::::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:-::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if1::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if2::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if3::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if4::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if5::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if6::::::
hcltech	notes	9.0.1	cpe:2.3:a:hcltech:notes:9.0.1:fp10if7::::::

Rows per page:

1-10 of 341

CNA Affected

[
  {
    "product": "HCL Notes",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v9, v10"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085762

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2020-14268