CVE-2023-28015 - OpenCVE

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcl	Domino Appdev Pack

Configuration 1 [-]

cpe:2.3:a:hcl:domino_appdev_pack:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105093

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2023-05-23T21:25:09.044Z

Updated: 2024-08-02T12:23:30.867Z

Reserved: 2023-03-10T03:50:27.023Z

Link: CVE-2023-28015

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-23T22:15:09.120

Modified: 2023-05-31T17:52:43.060

Link: CVE-2023-28015

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28015", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-03-10T03:50:27.023Z", "datePublished": "2023-05-23T21:25:09.044Z", "dateUpdated": "2024-08-02T12:23:30.867Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Domino AppDev Pack", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "< 1.0.6"}]}], "datePublic": "2023-05-23T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users.</span><br>"}], "value": "The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. \u00a0 During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. \u00a0The attacker could use this information to focus a brute force attack on valid users.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2023-05-23T21:25:09.044Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105093"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.867Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105093", "tags": ["x_transferred"]}]}]}}