Hcl Software Hcl Inotes vulnerabilities
3 known vulnerabilities affecting hcl_software/hcl_inotes.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-27558P3HIGHCVSS 7.5v12.0.1, 12.0.1FP12022-08-29
CVE-2022-27558 [HIGH] CWE-521 CVE-2022-27558: HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password polici
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
nvd
CVE-2022-27547P4HIGHCVSS 7.4v9, 10, 11, 122022-08-29
CVE-2022-27547 [HIGH] CWE-601 CVE-2022-27547: HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
nvd
CVE-2022-27546P4MEDIUMCVSS 6.1v9, 10, 11, 122022-08-29
CVE-2022-27546 [MEDIUM] CWE-79 CVE-2022-27546: HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/o
nvd