cvelist/2020/4xxx/CVE-2020-4107.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "DATE_PUBLIC": "2021-05-11T00:00:00.000Z",
        "ID": "CVE-2020-4107",
        "STATE": "PUBLIC",
        "TITLE": "HCL Domino is affected by an Insufficient Access Control vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "HCL Domino ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "9, 10 and 11"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "HCL Software"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-284 Improper Access Control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221",
                "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:\n\nSharedMemoryAllowOnly=1\n\nNote that enabling this protection can impact some activities, see additional information in article, KB0090343.\nhttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090343"
        }
    ]
}