CVE-2024-23562 - OpenCVE

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Hcltech	Domino

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:domino:11.0:::::::*
	cpe:2.3:a:hcltech:domino:12.0:::::::*
	cpe:2.3:a:hcltech:domino:14.0:::::::*

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923

History

Wed, 23 Oct 2024 23:45:00 +0000

Type	Values Removed	Values Added
References	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822

Wed, 23 Oct 2024 23:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:hcltech:domino:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 22:45:00 +0000

Type	Values Removed	Values Added
Description	This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available.	A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-07-08T15:57:08.805Z

Updated: 2024-10-23T22:25:56.279Z

Reserved: 2024-01-18T07:29:56.728Z

Link: CVE-2024-23562

Vulnrichment

Updated: 2024-08-01T23:06:25.294Z

NVD

Status : Modified

Published: 2024-07-08T16:15:07.797

Modified: 2024-10-23T23:15:12.397

Link: CVE-2024-23562

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23562", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-01-18T07:29:56.728Z", "datePublished": "2024-07-08T15:57:08.805Z", "dateUpdated": "2024-10-23T22:25:56.279Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Domino Server", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "11, 12, 14"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Christopher O\u2019Boyle \u2013 Black Duck Cybersecurity Research Center (CyRC) Researcher"}], "datePublic": "2024-10-23T21:39:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."}], "value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T22:25:56.279Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Domino is susceptible to an information disclosure vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "hcltech", "product": "domino", "cpes": ["cpe:2.3:a:hcltech:domino:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "unknown", "lessThanOrEqual": "10.0", "versionType": "custom"}, {"version": "11.0", "status": "affected"}, {"version": "12.0", "status": "affected"}, {"version": "14.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T17:16:51.297260Z", "id": "CVE-2024-23562", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:58:27.409Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.294Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.294Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T17:16:51.297260Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hcltech:domino:-:*:*:*:*:*:*:*"], "vendor": "hcltech", "product": "domino", "versions": [{"status": "unknown", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.0"}, {"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}, {"status": "affected", "version": "14.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T17:30:18.230Z"}}], "cna": {"title": "HCL Domino is susceptible to an information disclosure vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Christopher O\u2019Boyle \u2013 Black Duck Cybersecurity Research Center (CyRC) Researcher"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "Domino Server", "versions": [{"status": "affected", "version": "11, 12, 14"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-23T21:39:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.", "supportingMedia": [{"type": "text/html", "value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T22:25:56.279Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23562", "state": "PUBLISHED", "dateUpdated": "2024-10-23T22:25:56.279Z", "dateReserved": "2024-01-18T07:29:56.728Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-07-08T15:57:08.805Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7CA3E60-DC49-4AF6-91D2-507FDE6E0F19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad en HCL Domino podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n de configuraci\u00f3n confidencial. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n y lanzar m\u00e1s ataques contra el sistema afectado."}], "id": "CVE-2024-23562", "lastModified": "2024-10-23T23:15:12.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-07-08T16:15:07.797", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}