CVE-2020-4126
MEDIUMHCL iNotes 9.0-10.0.1 - Unauthenticated Sensitive Cookie Exposure via HTTP Session Interception
Title source: llmDescription
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411
Scores
CVSS v3
5.9
EPSS
0.0067
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-311
Status
published
Products (3)
hcltech/hcl_inotes
10.0.1 (6 CPE variants)
hcltech/hcl_inotes
11.0.1 (2 CPE variants)
hcltech/hcl_inotes
9.0 - 10.0.1
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026