CVE-2022-38654

MEDIUM

HCL Domino - Authenticated Information Disclosure via Directory Search xACL Bypass

Description

HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.

Scores

CVSS v3: 5.5
EPSS: 0.0005
EPSS Percentile: 16.3%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-200
Status: published
Products (5):
  hcltech/domino 9.0.1 (15 CPE variants)
  hcltech/domino 10.0.0
  hcltech/domino 10.0.1 (8 CPE variants)
  hcltech/domino 11.0.1 (6 CPE variants)
  hcltech/domino 12.0
Published: Nov 04, 2022
Tracked Since: Feb 18, 2026