CVE Vulnerability

CVE-2022-38660

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*
Information

Published : 2022-11-04 08:15

Updated : 2022-11-07 05:18

NVD link : CVE-2022-38660

Mitre link : CVE-2022-38660

Products Affected
No products.
CWE
CWE-352