CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-38660 – HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38660
04 Nov 2022 — HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. Las aplicaciones HCL XPages son susceptibles a una vulnerabilidad de Cross-Site Request Forgery (CSRF). Un atacante no autenticado podría aprovechar esta vulnerabilidad para realizar acciones en la aplicación en nombre del usuario que inició sesión. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-14230
https://notcve.org/view.php?id=CVE-2020-14230
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio causada por una comprobación inapropiada de la entrada suministrada por el usuario. Un atacante remoto no au... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14234
https://notcve.org/view.php?id=CVE-2020-14234
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario, dándole potencialmente al atacante la capacidad de bloquear el servidor. Versiones anteriores a ve... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1712
https://notcve.org/view.php?id=CVE-2017-1712
01 Jul 2020 — "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions." "Una vulnerabilidad en la implementación del protocolo TLS del servidor Domino podría permitir a un atac... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2012-6277
https://notcve.org/view.php?id=CVE-2012-6277
21 Feb 2020 — Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of unde... • https://support.symantec.com/us/en/article.symsa1262.html •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-6087
https://notcve.org/view.php?id=CVE-2016-6087
07 Jun 2017 — IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. IBM Domino versiones 8.5 y 9.0 podría permitir a un atacante robar credenciales utilizando varias sesiones y grandes cantidades de datos mediante la validación de Domino TLS Key Exchange. IBM X-Force ID: 117918. • http://www.ibm.com/support/docview.wss?uid=swg22002808 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2017-1274 – Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
https://notcve.org/view.php?id=CVE-2017-1274
25 Apr 2017 — IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. IBM Domino versiones 8.5.3 y 9.0 es vulnerable a desbordamiento basado en pila en el servicio IMAP lo que podría permitir a un atacante autenticado ejecutar código arbitrario especificando un nombre largo de buzón. IBM X-Force ID: 124749. • https://packetstorm.news/files/id/152786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-2938
https://notcve.org/view.php?id=CVE-2016-2938
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 0CVE-2016-5880
https://notcve.org/view.php?id=CVE-2016-5880
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-2939
https://notcve.org/view.php?id=CVE-2016-2939
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •