CVE-2020-4097

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.

Published: Nov 5, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-4097
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
hcltech / notes	9.0	9.0.1.x
hcltech / notes	11.0	11.0.1.x
hcltech / notes	9.0.1-fp7if1	9.0.1-fp7if1.x
hcltech / notes	9.0.1-fp7if2	9.0.1-fp7if2.x
hcltech / notes	9.0.1-fp8if1	9.0.1-fp8if1.x
hcltech / notes	9.0.1-fp9if2	9.0.1-fp9if2.x
hcltech / notes	9.0.1-fp9if1	9.0.1-fp9if1.x
hcltech / notes	9.0.1-fp10	9.0.1-fp10.x
hcltech / notes	9.0.1-fp10if1	9.0.1-fp10if1.x
hcltech / notes	9.0.1-fp10if2	9.0.1-fp10if2.x
hcltech / notes	9.0.1-fp10if3	9.0.1-fp10if3.x
hcltech / notes	9.0.1-fp10if4	9.0.1-fp10if4.x
hcltech / notes	9.0.1-fp10if5	9.0.1-fp10if5.x
hcltech / notes	9.0.1-fp10if6	9.0.1-fp10if6.x
hcltech / notes	9.0.1-fp10if7	9.0.1-fp10if7.x
hcltech / notes	9.0.1-fp4if1	9.0.1-fp4if1.x
hcltech / notes	9.0.1-fp4if2	9.0.1-fp4if2.x
hcltech / notes	9.0.1-fp5if3	9.0.1-fp5if3.x
hcltech / notes	9.0.1-fp5if2	9.0.1-fp5if2.x
hcltech / notes	9.0.1-fp5if1	9.0.1-fp5if1.x
hcltech / notes	9.0.1-fp1if1	9.0.1-fp1if1.x
hcltech / notes	9.0.1-fp1if2	9.0.1-fp1if2.x
hcltech / notes	9.0.1-fp2if1	9.0.1-fp2if1.x
hcltech / notes	9.0.1-fp2if2	9.0.1-fp2if2.x
hcltech / notes	9.0.1-fp2if3	9.0.1-fp2if3.x
hcltech / notes	9.0.1-fp2if4	9.0.1-fp2if4.x
hcltech / notes	9.0.1-fp3if1	9.0.1-fp3if1.x
hcltech / notes	9.0.1-fp3if2	9.0.1-fp3if2.x
hcltech / notes	9.0.1-fp3if3	9.0.1-fp3if3.x
hcltech / notes	9.0.1-fp3if4	9.0.1-fp3if4.x
hcltech / notes	10.0.1-fp4	10.0.1-fp4.x
hcltech / notes	10.0.1-fp3	10.0.1-fp3.x
hcltech / notes	10.0.1-fp2	10.0.1-fp2.x
hcltech / notes	10.0.1-fp1	10.0.1-fp1.x
hcltech / notes	10.0.1-fp5	10.0.1-fp5.x
hcltech / notes	10.0.0-fp1	10.0.0-fp1.x
hcltech / notes	10.0.0-fp2	10.0.0-fp2.x
hcltech / notes	10.0.0-fp3	10.0.0-fp3.x
hcltech / notes	10.0.0-fp4	10.0.0-fp4.x
hcltech / notes	10.0.0-fp5	10.0.0-fp5.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796

Vulnerability Database

289,871

CVE-2020-4097