Description
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084796
Scores
CVSS v3
6.8
EPSS
0.0008
EPSS Percentile
22.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (4)
hcltech/notes
9.0.1 fp10 (28 CPE variants)
hcltech/notes
10.0.0 fp1 (5 CPE variants)
hcltech/notes
10.0.1 fp1 (5 CPE variants)
hcltech/notes
9.0 - 9.0.1
Published
Nov 05, 2020
Tracked Since
Feb 18, 2026