CVE-2023-37495

{"id": "CVE-2023-37495", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-02-29T01:40:04.220", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107585", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107585", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Internet passwords stored in Person documents in the Domino\u00ae Directory created using the \"Add Person\" action on the People & Groups tab in the Domino\u00ae Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html . \n"}, {"lang": "es", "value": "Las contrase\u00f1as de Internet almacenadas en documentos personales en el directorio de Domino\u00ae creado mediante la acci\u00f3n \"Agregar persona\" en la pesta\u00f1a Personas y grupos del Administrador de Domino\u00ae est\u00e1n protegidas mediante un algoritmo hash criptogr\u00e1ficamente d\u00e9bil. Esto podr\u00eda permitir a los atacantes con acceso al valor hash determinar la contrase\u00f1a de un usuario, por ejemplo, mediante un ataque de fuerza bruta. Este problema no afecta los documentos personales creados mediante el registro de usuario https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html."}], "lastModified": "2025-05-08T16:56:18.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A56E68A6-976F-412D-AA65-7940FB574149", "versionEndExcluding": "14.0", "versionStartIncluding": "9.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}