CVE-2020-4128

MEDIUM

HCL Domino - Unauthenticated Lockout Policy Bypass in ID Vault Service

Title source: llm

Description

HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085408

Scores

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (2)

hcltech/domino 10.0.1 (5 CPE variants)

hcltech/domino 9.0.0 - 9.0.1

Published Dec 01, 2020

Tracked Since Feb 18, 2026