CVE-2020-14225 - OpenCVE

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Hcl Inotes
Hcltechsw	Hcl Inotes

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3::::::
	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.0:::::::*
	cpe:2.3:a:hcltechsw:hcl_inotes::::::::
	cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_8::::::
	cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9::::::
	cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9_interim_fix_1::::::

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2020-12-21T17:09:24

Updated: 2024-08-04T12:39:36.190Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14225

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-21T18:15:14.383

Modified: 2020-12-23T16:04:25.837

Link: CVE-2020-14225

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HCL iNotes", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions previous to releases 9.0.1 FP10 IF6"}, {"status": "affected", "version": "10.0.1 FP5 and 11.0.1"}]}], "descriptions": [{"lang": "en", "value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."}], "problemTypes": [{"descriptions": [{"description": "\"Tabnabbing vulnerability\"", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-21T17:09:24", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "ID": "CVE-2020-14225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HCL iNotes", "version": {"version_data": [{"version_value": "versions previous to releases 9.0.1 FP10 IF6"}, {"version_value": "10.0.1 FP5 and 11.0.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "\"Tabnabbing vulnerability\""}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.190Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2020-14225", "datePublished": "2020-12-21T17:09:24", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.190Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*", "matchCriteriaId": "7AA0BE4B-C5B2-4F0A-AE23-25032CC7C2E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*", "matchCriteriaId": "AE8447C7-B040-461A-88AD-C407A3867928", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*", "matchCriteriaId": "080E290A-A18E-45A6-9039-369763AC27CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*", "matchCriteriaId": "EE08595A-7384-4DED-854F-B28C4C431FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BAF9E37-610E-4E7C-A1D9-ADA85818DBC3", "versionEndExcluding": "9.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "E43BA08A-3541-4F11-A5D4-2D2E5A775D66", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*", "matchCriteriaId": "DD04A768-66DA-42B6-82AE-0DEDB8E9DB31", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_inotes:9.0.1:fixpack_9_interim_fix_1:*:*:*:*:*:*", "matchCriteriaId": "419B397B-51F7-4C6A-A824-8082219850F6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."}, {"lang": "es", "value": "HCL iNotes es susceptible a una vulnerabilidad de tipo Tabnabbing causada por un saneamiento inapropiado del contenido del mensaje. Un atacante no autenticado remoto podr\u00eda usar esta vulnerabilidad para enga\u00f1ar al usuario final para que ingrese informaci\u00f3n confidencial, tales como credenciales, por ejemplo, como parte de un ataque de phishing"}], "id": "CVE-2020-14225", "lastModified": "2020-12-23T16:04:25.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-21T18:15:14.383", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}