CVE-2020-4127

Published: Nov 30, 2020Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.

Affected (14)

Products: Hcltech: Hcl Domino

Hcltech

1 product

Hcl Domino

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Hcltech Hcl Domino	Before 9.0.1
Hcltech Hcl Domino	From 10.0.0 to 10.0.1
Hcltech Hcl Domino	From 11.0.0 to 11.0.1
Hcltech Hcl Domino	Version 10.0.1
Hcltech Hcl Domino	Version 10.0.1 fixpack1
Hcltech Hcl Domino	Version 10.0.1 fixpack2
Hcltech Hcl Domino	Version 10.0.1 fixpack3
Hcltech Hcl Domino	Version 10.0.1 fixpack4
Hcltech Hcl Domino	Version 10.0.1 fixpack5
Hcltech Hcl Domino	Version 9.0.1
Hcltech Hcl Domino	Version 9.0.1 feature_pack_10_interim_fix_2
Hcltech Hcl Domino	Version 9.0.1 feature_pack_10_interim_fix_3
Hcltech Hcl Domino	Version 9.0.1 feature_pack_10_interim_fix_4
Hcltech Hcl Domino	Version 9.0.1 feature_pack_10_interim_fix_5

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085409

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.