DoS and malicious code attacks against groupware HCL Notes possible
Source: Heise.de, added 22nd Dec 2020
Anyone who relies on the groupware HCL Notes for project work should update it because of a recently discovered security vulnerability. The web client iNotes is also vulnerable.
DoS, malicious code, XSS
HCL Notes is closely integrated with e-mail. One vulnerability (CVE-2020-14224) concerns the handling of MIME mails. A remote attacker could use a specially prepared message to provoke a buffer overflow, which ends in a crash (DoS). Under certain circumstances, even the execution of malicious code with the rights of the victim is conceivable, the developers warn in an article.
The vulnerability is classified with the threat level "high". Only version 9 is affected. Admins should contact HCL support for a repaired version.
The second vulnerability (CVE-2020-14271) applies to the iNotes web client. If an attacker successfully exploits the vulnerability, he could carry out an XSS attack and push his own code into a web browser. iNotes versions 9, 10 and 11 are vulnerable. The developers have fixed this in versions 10.0.1 FP6 and 11.0.1 FP2. This gap is also classified as "high".