History: May 23, 2023 - 10:15 p.m.

CVE-2023-28015

2023-05-23 22:15:09
web.nvd.nist.gov
cve-2023-28015
hcl domino
appdev pack
iam service
user account enumeration
vulnerability
nvd

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.1 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.4%)

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.

Affected configurations

NVD
Node
hcl domino_appdev_pack Range <1.0.16

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Domino AppDev Pack",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0.6"
      }
    ]
  }
]
