CVE-2024-23562

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23562
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*
History

23 Oct 2024, 23:15

Type Values Removed Values Added
Summary (en) This vulnerability is being re-assessed.  Vulnerability details will be updated. The security bulletin will be republished when further details are available. (en) A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
References
  • {'url': 'https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822', 'tags': ['Broken Link', 'Vendor Advisory'], 'source': 'psirt@hcl.com'}
  • () https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923 -

11 Jul 2024, 16:08

Type Values Removed Values Added
First Time Hcltech domino
Hcltech
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 - Broken Link, Vendor Advisory
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

10 Jul 2024, 15:15

Type Values Removed Values Added
Summary (en) This vulnerability is re-assessed.  Vulnerability details will be updated. (en) This vulnerability is being re-assessed.  Vulnerability details will be updated. The security bulletin will be republished when further details are available.

09 Jul 2024, 18:15

Type Values Removed Values Added
Summary (en) A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. (en) This vulnerability is re-assessed.  Vulnerability details will be updated.

09 Jul 2024, 16:22

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de seguridad en HCL Domino podría permitir la divulgación de información de configuración confidencial. Un atacante remoto no autenticado podría aprovechar esta vulnerabilidad para obtener información y lanzar más ataques contra el sistema afectado.
CWE CWE-200

08 Jul 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-08 16:15

Updated : 2024-10-23 23:15

NVD link : CVE-2024-23562

Mitre link : CVE-2024-23562

CVE.ORG link : CVE-2024-23562

JSON object : View

Products Affected

hcltech

  • domino
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor