CVE-2020-14225

Published: Dec 21, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.

Affected (10)

Products: Hcltech: Hcl Inotes · Hcltechsw: Hcl Inotes

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Hcltech Hcl Inotes	Version 10.0.1
Hcltech Hcl Inotes	Version 10.0.1 fixpack1
Hcltech Hcl Inotes	Version 10.0.1 fixpack2
Hcltech Hcl Inotes	Version 10.0.1 fixpack3
Hcltech Hcl Inotes	Version 10.0.1 fixpack4
Hcltech Hcl Inotes	Version 11.0.0
Hcltechsw Hcl Inotes	Before 9.0.1
Hcltechsw Hcl Inotes	Version 9.0.1 fixpack_8
Hcltechsw Hcl Inotes	Version 9.0.1 fixpack_9
Hcltechsw Hcl Inotes	Version 9.0.1 fixpack_9_interim_fix_1

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.