Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Nomad server on Domino by HCL Software

    CVE-2024-30129 (GCVE-0-2024-30129)

    Vulnerability from nvd – Published: 2024-12-06 15:57 – Updated: 2024-12-06 17:01
    VLAI
    Title
    HCL Nomad server on Domino is affected by a host header injection vulnerability
    Summary
    The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.14
    Create a notification for this product.
    hcltech hcl_nomad Affected: 0 , < 1.0.14 (custom)
        cpe:2.3:a:hcltech:hcl_nomad:*:*:*:*:*:-:*:*
    Create a notification for this product.
    Date Public
    2024-12-06 15:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:hcl_nomad:*:*:*:*:*:-:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_nomad",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T16:48:55.323916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T17:01:53.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.14"
                }
              ]
            }
          ],
          "datePublic": "2024-12-06T15:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address."
                }
              ],
              "value": "The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-06T15:57:41.869Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a host header injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30129",
        "datePublished": "2024-12-06T15:57:41.869Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-12-06T17:01:53.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30132 (GCVE-0-2024-30132)

    Vulnerability from nvd – Published: 2024-10-01 12:10 – Updated: 2024-10-29 20:29
    VLAI
    Title
    Missing default HTTP security headers affect HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-10-01 12:05
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T13:16:03.731292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:29:13.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-10-01T12:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T12:12:13.009Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0116298"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing default HTTP security headers affect HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30132",
        "datePublished": "2024-10-01T12:10:08.679Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-10-29T20:29:13.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23586 (GCVE-0-2024-23586)

    Vulnerability from nvd – Published: 2024-09-27 21:20 – Updated: 2024-10-04 13:56
    VLAI
    Title
    An insufficient session timeout vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-27 21:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T13:53:43.919681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T13:56:37.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-27T21:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u0026nbsp; Under certain circumstances, an unauthenticated attacker could obtain old session information. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u00a0 Under certain circumstances, an unauthenticated attacker could obtain old session information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-27T21:20:29.383Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An insufficient session timeout vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23586",
        "datePublished": "2024-09-27T21:20:29.383Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-04T13:56:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30128 (GCVE-0-2024-30128)

    Vulnerability from nvd – Published: 2024-09-25 14:42 – Updated: 2024-09-25 15:34
    VLAI
    Title
    An open proxy vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-25 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:27:27.770959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-441",
                    "description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:34:19.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-25T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
                }
              ],
              "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T14:42:53.930Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115504"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An open proxy vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30128",
        "datePublished": "2024-09-25T14:42:53.930Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-09-25T15:34:19.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30130 (GCVE-0-2024-30130)

    Vulnerability from nvd – Published: 2024-07-19 00:03 – Updated: 2024-08-02 01:25
    VLAI
    Title
    HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability
    Summary
    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-525 - Use of Web Browser Cache Containing Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-18 23:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T17:18:47.714746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T17:19:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.12"
                }
              ]
            }
          ],
          "datePublic": "2024-07-18T23:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-525",
                  "description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-19T00:03:13.207Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30130",
        "datePublished": "2024-07-19T00:03:13.207Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-08-02T01:25:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23588 (GCVE-0-2024-23588)

    Vulnerability from nvd – Published: 2024-07-05 13:08 – Updated: 2024-10-30 17:49
    VLAI
    Title
    A denial of service vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-05 12:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:01:49.102192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:49:03.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.11"
                }
              ]
            }
          ],
          "datePublic": "2024-07-05T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-05T13:08:46.782Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A denial of service vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23588",
        "datePublished": "2024-07-05T13:08:46.782Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-30T17:49:03.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30129 (GCVE-0-2024-30129)

    Vulnerability from cvelistv5 – Published: 2024-12-06 15:57 – Updated: 2024-12-06 17:01
    VLAI
    Title
    HCL Nomad server on Domino is affected by a host header injection vulnerability
    Summary
    The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.14
    Create a notification for this product.
    hcltech hcl_nomad Affected: 0 , < 1.0.14 (custom)
        cpe:2.3:a:hcltech:hcl_nomad:*:*:*:*:*:-:*:*
    Create a notification for this product.
    Date Public
    2024-12-06 15:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:hcl_nomad:*:*:*:*:*:-:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_nomad",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T16:48:55.323916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T17:01:53.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.14"
                }
              ]
            }
          ],
          "datePublic": "2024-12-06T15:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address."
                }
              ],
              "value": "The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-06T15:57:41.869Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a host header injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30129",
        "datePublished": "2024-12-06T15:57:41.869Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-12-06T17:01:53.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30132 (GCVE-0-2024-30132)

    Vulnerability from cvelistv5 – Published: 2024-10-01 12:10 – Updated: 2024-10-29 20:29
    VLAI
    Title
    Missing default HTTP security headers affect HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-10-01 12:05
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T13:16:03.731292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:29:13.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-10-01T12:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T12:12:13.009Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0116298"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing default HTTP security headers affect HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30132",
        "datePublished": "2024-10-01T12:10:08.679Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-10-29T20:29:13.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23586 (GCVE-0-2024-23586)

    Vulnerability from cvelistv5 – Published: 2024-09-27 21:20 – Updated: 2024-10-04 13:56
    VLAI
    Title
    An insufficient session timeout vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-27 21:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T13:53:43.919681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T13:56:37.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-27T21:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u0026nbsp; Under certain circumstances, an unauthenticated attacker could obtain old session information. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u00a0 Under certain circumstances, an unauthenticated attacker could obtain old session information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-27T21:20:29.383Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An insufficient session timeout vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23586",
        "datePublished": "2024-09-27T21:20:29.383Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-04T13:56:37.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30128 (GCVE-0-2024-30128)

    Vulnerability from cvelistv5 – Published: 2024-09-25 14:42 – Updated: 2024-09-25 15:34
    VLAI
    Title
    An open proxy vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-25 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:27:27.770959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-441",
                    "description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:34:19.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-25T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
                }
              ],
              "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T14:42:53.930Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115504"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An open proxy vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30128",
        "datePublished": "2024-09-25T14:42:53.930Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-09-25T15:34:19.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30130 (GCVE-0-2024-30130)

    Vulnerability from cvelistv5 – Published: 2024-07-19 00:03 – Updated: 2024-08-02 01:25
    VLAI
    Title
    HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability
    Summary
    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-525 - Use of Web Browser Cache Containing Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-18 23:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T17:18:47.714746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T17:19:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.12"
                }
              ]
            }
          ],
          "datePublic": "2024-07-18T23:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-525",
                  "description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-19T00:03:13.207Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30130",
        "datePublished": "2024-07-19T00:03:13.207Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-08-02T01:25:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23588 (GCVE-0-2024-23588)

    Vulnerability from cvelistv5 – Published: 2024-07-05 13:08 – Updated: 2024-10-30 17:49
    VLAI
    Title
    A denial of service vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-05 12:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:01:49.102192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:49:03.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.11"
                }
              ]
            }
          ],
          "datePublic": "2024-07-05T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-05T13:08:46.782Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A denial of service vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23588",
        "datePublished": "2024-07-05T13:08:46.782Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-30T17:49:03.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }