CVE-2022-38660 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2022-38660

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

Published: Nov 4, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-38660
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
hcltech / domino	-	9.0.1
hcltech / domino	9.0.1-feature_pack_10_interim_fix_3	9.0.1-feature_pack_10_interim_fix_3.x
hcltech / domino	9.0.1-feature_pack_10_interim_fix_4	9.0.1-feature_pack_10_interim_fix_4.x
hcltech / domino	9.0.1-feature_pack_8	9.0.1-feature_pack_8.x
hcltech / domino	9.0.1-feature_pack_8_interim_fix_1	9.0.1-feature_pack_8_interim_fix_1.x
hcltech / domino	9.0.1-feature_pack_8_interim_fix_2	9.0.1-feature_pack_8_interim_fix_2.x
hcltech / domino	9.0.1-feature_pack_8_interim_fix_3	9.0.1-feature_pack_8_interim_fix_3.x
hcltech / domino	9.0.1-feature_pack_10_interim_fix_5	9.0.1-feature_pack_10_interim_fix_5.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037