Vulnerability Details : CVE-2020-4089
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.
Products affected by CVE-2020-4089
- cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:notes:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:notes:11.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4089
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-4089
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-4089
-
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080343
Security Bulletin: HCL Notes is susceptible to an information leakage vulnerability (CVE-2020-4089) - Customer SupportVendor Advisory
Jump to