CVE-2022-27547

HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100212	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8::::::
	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0:::::::*
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0:::::::*
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:hcl_inotes:12.0:::::::*
	cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1::::::

Configuration 2 (hide)

OR	cpe:2.3:a:hcltech:domino:9.0:::::::*
	cpe:2.3:a:hcltech:domino:9.0.1:-::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8::::::
	cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9::::::
	cpe:2.3:a:hcltech:domino:10.0:::::::*
	cpe:2.3:a:hcltech:domino:10.0.1:-::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7::::::
	cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8::::::
	cpe:2.3:a:hcltech:domino:11.0:::::::*
	cpe:2.3:a:hcltech:domino:11.0.1:-::::::
	cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1::::::
	cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2::::::
	cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3::::::
	cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4::::::
	cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5::::::
	cpe:2.3:a:hcltech:domino:12.0:::::::*
	cpe:2.3:a:hcltech:domino:12.0.1:-::::::
	cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1::::::

History

01 Sep 2022, 20:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-29 16:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-27547

Mitre link : CVE-2022-27547

CVE.ORG link : CVE-2022-27547

JSON object : View

Products Affected

hcltech

domino
hcl_inotes

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

7.4 /10