CVE-2020-4129
MEDIUMHCL Domino < 9.0.1 - Unauthenticated Lockout Policy Bypass via LDAP Service
Title source: llmDescription
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085407
Scores
CVSS v3
5.3
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (3)
hcltech/hcl_domino
9.0.1 feature_pack_10_interim_fix_2 (4 CPE variants)
hcltech/hcl_domino
10.0.1 fixpack1 (5 CPE variants)
hcltech/hcl_domino
< 9.0.1
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026