CVE-2020-4102

Published: Dec 2, 2020Modified: Jun 17, 2026

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.

Affected (10)

Products: Hcltech: Notes

Hcltech

1 product

Notes

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Hcltech Notes	From 9.0.0 to 9.0.1
Hcltech Notes	Version 10.0.1
Hcltech Notes	Version 10.0.1 fp1
Hcltech Notes	Version 10.0.1 fp2
Hcltech Notes	Version 10.0.1 fp3
Hcltech Notes	Version 10.0.1 fp4
Hcltech Notes	Version 10.0.1 fp5
Hcltech Notes	Version 10.0
Hcltech Notes	Version 11.0.1
Hcltech Notes	Version 11.0

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085499

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085499

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.