Vulnerability Database

311,379

Total vulnerabilities in the database

CVE-2020-4089

HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.

Published: Jun 26, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-4089
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hcltech / notes	9.0	9.0.x
hcltech / notes	11.0	11.0.x
hcltech / notes	10.0	10.0.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080343

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo