Vulnerability-Lookup

CVE-2020-4089 (GCVE-0-2020-4089)

Vulnerability from cvelistv5 – Published: 2020-06-26 22:55 – Updated: 2024-08-04 07:52

Summary

HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.

Severity ?

No CVSS data available.

CWE

"Information Leakage"

Assigner

HCL

References

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&s…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	HCL	HCL Notes	Affected: All versions of HCL Notes v9 Affected: All versions of HCL Notes v10 Affected: All versions of HCL Notes v11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL Notes",
          "vendor": "HCL",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of HCL Notes v9"
            },
            {
              "status": "affected",
              "version": "All versions of HCL Notes v10"
            },
            {
              "status": "affected",
              "version": "All versions of HCL Notes v11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Information Leakage\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T22:55:30.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2020-4089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL Notes",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions of HCL Notes v9"
                          },
                          {
                            "version_value": "All versions of HCL Notes v10"
                          },
                          {
                            "version_value": "All versions of HCL Notes v11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HCL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Information Leakage\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343",
              "refsource": "CONFIRM",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2020-4089",
    "datePublished": "2020-06-26T22:55:30.000Z",
    "dateReserved": "2019-12-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T07:52:20.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2021-13723

Vulnerability from cnvd - Published: 2021-03-02

Title

HCL Notes信息泄露漏洞

Description

HCL Notes是印度HCL公司的一款电子邮件软件。该软件支持访问电子邮件、日历和联系人等。 HCL Notes 9版本、10版本和11版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Severity

中

Patch Name

HCL Notes信息泄露漏洞的补丁

Patch Description

HCL Notes是印度HCL公司的一款电子邮件软件。该软件支持访问电子邮件、日历和联系人等。 HCL Notes 9版本、10版本和11版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.hcltech.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-4089

Impacted products

Name
['HCL HCL Notes 9', 'HCL HCL Notes 10', 'HCL HCL Notes 11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4089"
    }
  },
  "description": "HCL Notes\u662f\u5370\u5ea6HCL\u516c\u53f8\u7684\u4e00\u6b3e\u7535\u5b50\u90ae\u4ef6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bbf\u95ee\u7535\u5b50\u90ae\u4ef6\u3001\u65e5\u5386\u548c\u8054\u7cfb\u4eba\u7b49\u3002\n\nHCL Notes 9\u7248\u672c\u300110\u7248\u672c\u548c11\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.hcltech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-13723",
  "openTime": "2021-03-02",
  "patchDescription": "HCL Notes\u662f\u5370\u5ea6HCL\u516c\u53f8\u7684\u4e00\u6b3e\u7535\u5b50\u90ae\u4ef6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bbf\u95ee\u7535\u5b50\u90ae\u4ef6\u3001\u65e5\u5386\u548c\u8054\u7cfb\u4eba\u7b49\u3002\r\n\r\nHCL Notes 9\u7248\u672c\u300110\u7248\u672c\u548c11\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HCL Notes\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HCL HCL Notes 9",
      "HCL HCL Notes 10",
      "HCL HCL Notes 11"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-4089",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-28",
  "title": "HCL Notes\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2020-4089

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-4089

Aliases

CVE-2020-4089

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-4089",
    "description": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.",
    "id": "GSD-2020-4089"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-4089"
      ],
      "details": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.",
      "id": "GSD-2020-4089",
      "modified": "2023-12-13T01:21:48.141327Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "ID": "CVE-2020-4089",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HCL Notes",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions of HCL Notes v9"
                        },
                        {
                          "version_value": "All versions of HCL Notes v10"
                        },
                        {
                          "version_value": "All versions of HCL Notes v11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HCL"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "\"Information Leakage\""
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343",
            "refsource": "CONFIRM",
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2020-4089"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-06-26T23:15Z"
    }
  }
}

FKIE_CVE-2020-4089

Vulnerability from fkie_nvd - Published: 2020-06-26 23:15 - Updated: 2024-11-21 05:32

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080343	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080343	Vendor Advisory

Impacted products

Vendor	Product	Version
hcltech	notes	9.0
hcltech	notes	10.0
hcltech	notes	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19015D39-9117-4A6E-BCD7-0951CB185399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C46D23-F52D-46D7-973B-FEF916ECD181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06AD0ACF-704C-4BBE-9059-1A1E9008D7A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected."
    },
    {
      "lang": "es",
      "value": "HCL Notes es susceptible a una vulnerabilidad de filtrado de informaci\u00f3n por medio de su soporte para el protocolo \"mailto\". Esta vulnerabilidad podr\u00eda resultar que los archivos desde el sistema de archivos de usuario o el sistema de archivos de red conectados sean filtrados hacia un tercero. Todas las versiones de HCL Notes 9, 10 y 11 est\u00e1n afectadas"
    }
  ],
  "id": "CVE-2020-4089",
  "lastModified": "2024-11-21T05:32:16.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-26T23:15:11.253",
  "references": [
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-86J9-2VJW-F9PP

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-4089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-26T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "HCL Notes is vulnerable to an information leakage vulnerability through its support for the \u0027mailto\u0027 protocol. This vulnerability could result in files from the user\u0027s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.",
  "id": "GHSA-86j9-2vjw-f9pp",
  "modified": "2022-05-24T17:21:56Z",
  "published": "2022-05-24T17:21:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4089"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-4089 (GCVE-0-2020-4089)

CNVD-2021-13723

GSD-2020-4089

FKIE_CVE-2020-4089

GHSA-86J9-2VJW-F9PP

Tags

Sightings

Nomenclature