CVE-2020-4107

Summary

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL Domino9, 10 and 11affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

Workarounds

Supported releases prior to 11.0.1 Fixpack 3 can use the following notes.ini setting to enable protection from this vulnerability:

SharedMemoryAllowOnly=1

Note that enabling this protection can impact some activities, see additional information in article, KB0090343. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090343

ADP Enrichment

CVE Program Container

Additional References

References