CVE-2022-38660

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:domino::::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3::::::
	cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5::::::

Information

Published : 2022-11-04 13:15

Updated : 2022-11-07 09:18

NVD link : CVE-2022-38660

Mitre link : CVE-2022-38660

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

hcltech

domino

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037", "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-38660", "ASSIGNER": "psirt@hcl.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-11-04T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.1"}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-07T17:18Z"}