Vulnerability in Hcltech Hcl_inotes

CVE-2020-4126

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and…

EPSS: 0.007 (47.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

  • Hcltech Hcl_inotes — versions 10.0.1, 11.0.1
  • N/a Hcl Inotes — versions v10.0.1 FP6, v11.0.1 FP2 and later

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-4126?
CVE-2020-4126 is a medium-severity vulnerability in Hcltech Hcl_inotes, classified under Missing Encryption of Sensitive Data. CVSS score: 5.9/10. Published 2020-12-01.
How severe is CVE-2020-4126?
Medium severity. CVSS v3 base score is 5.9 out of 10.