Auto-merge PR#5769

2025-07-29 05:56:59 +00:00 · 2022-05-19 17:25:16 -04:00 · 2022-05-19 17:25:16 -04:00 · e2db963c63
commit e2db963c63
parent 22e76c5525 ae693f7c33
1 changed files with 81 additions and 8 deletions
--- a/2020/4xxx/CVE-2020-4107.json
+++ b/2020/4xxx/CVE-2020-4107.json
@ -1,18 +1,91 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "PSIRT@hcl.com",
+        "DATE_PUBLIC": "2021-05-11T00:00:00.000Z",
        "ID": "CVE-2020-4107",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "HCL Domino is affected by an Insufficient Access Control vulnerability"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "HCL Domino ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "9, 10 and 11"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "HCL Software"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "HCL Domino is affected by an Insufficient Access Control vulnerability.  An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.  "
            }
        ]
-    }
-}
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-284 Improper Access Control"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "work_around": [
+        {
+            "lang": "eng",
+            "value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090343"
+        }
+    ]
+}