CVE-2020-4097

moderate-risk
Published 2020-11-05

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
PHYSICAL / LOW complexity

Affected Products (20)

Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes
Notes

Affected Vendors

Hcltech

References (2)

Vendor Advisory https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796
Vendor Advisory https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796
46
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 24/34 · High