CVE-2020-4126

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.

Published: Dec 1, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-4126
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-311

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
hcltech / hcl_inotes	10.0.1-fixpack1	10.0.1-fixpack1.x
hcltech / hcl_inotes	10.0.1-fixpack2	10.0.1-fixpack2.x
hcltech / hcl_inotes	10.0.1-fixpack3	10.0.1-fixpack3.x
hcltech / hcl_inotes	10.0.1-fixpack4	10.0.1-fixpack4.x
hcltech / hcl_inotes	10.0.1-fixpack5	10.0.1-fixpack5.x
hcltech / hcl_inotes	11.0.0	11.0.1
hcltech / hcl_inotes	11.0.1-fixpack1	11.0.1-fixpack1.x
hcltech / hcl_inotes	11.0.1	11.0.1.x
hcltech / hcl_inotes	10.0.1	10.0.1.x
hcltech / hcl_inotes	9.0	10.0.1

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411

Vulnerability Database

CVE-2020-4126