Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for nomad_server_on_domino by hcltech

    CVE-2024-30132 (GCVE-0-2024-30132)

    Vulnerability from nvd – Published: 2024-10-01 12:10 – Updated: 2024-10-29 20:29
    VLAI
    Title
    Missing default HTTP security headers affect HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-10-01 12:05
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T13:16:03.731292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:29:13.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-10-01T12:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T12:12:13.009Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0116298"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing default HTTP security headers affect HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30132",
        "datePublished": "2024-10-01T12:10:08.679Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-10-29T20:29:13.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30128 (GCVE-0-2024-30128)

    Vulnerability from nvd – Published: 2024-09-25 14:42 – Updated: 2024-09-25 15:34
    VLAI
    Title
    An open proxy vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-25 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:27:27.770959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-441",
                    "description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:34:19.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-25T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
                }
              ],
              "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T14:42:53.930Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115504"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An open proxy vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30128",
        "datePublished": "2024-09-25T14:42:53.930Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-09-25T15:34:19.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30130 (GCVE-0-2024-30130)

    Vulnerability from nvd – Published: 2024-07-19 00:03 – Updated: 2024-08-02 01:25
    VLAI
    Title
    HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability
    Summary
    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-525 - Use of Web Browser Cache Containing Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-18 23:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T17:18:47.714746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T17:19:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.12"
                }
              ]
            }
          ],
          "datePublic": "2024-07-18T23:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-525",
                  "description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-19T00:03:13.207Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30130",
        "datePublished": "2024-07-19T00:03:13.207Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-08-02T01:25:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23588 (GCVE-0-2024-23588)

    Vulnerability from nvd – Published: 2024-07-05 13:08 – Updated: 2024-10-30 17:49
    VLAI
    Title
    A denial of service vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-05 12:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:01:49.102192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:49:03.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.11"
                }
              ]
            }
          ],
          "datePublic": "2024-07-05T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-05T13:08:46.782Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A denial of service vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23588",
        "datePublished": "2024-07-05T13:08:46.782Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-30T17:49:03.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30132 (GCVE-0-2024-30132)

    Vulnerability from cvelistv5 – Published: 2024-10-01 12:10 – Updated: 2024-10-29 20:29
    VLAI
    Title
    Missing default HTTP security headers affect HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-10-01 12:05
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T13:16:03.731292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:29:13.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-10-01T12:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. \u0026nbsp;"
                }
              ],
              "value": "HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T12:12:13.009Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0116298"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing default HTTP security headers affect HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30132",
        "datePublished": "2024-10-01T12:10:08.679Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-10-29T20:29:13.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30128 (GCVE-0-2024-30128)

    Vulnerability from cvelistv5 – Published: 2024-09-25 14:42 – Updated: 2024-09-25 15:34
    VLAI
    Title
    An open proxy vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software Nomad server on Domino Affected: <1.0.13
    Create a notification for this product.
    hcltech nomad_server_on_domino Affected: 0 , < 1.0.13 (custom)
        cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-25 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nomad_server_on_domino",
                "vendor": "hcltech",
                "versions": [
                  {
                    "lessThan": "1.0.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:27:27.770959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-441",
                    "description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:34:19.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.0.13"
                }
              ]
            }
          ],
          "datePublic": "2024-09-25T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
                }
              ],
              "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T14:42:53.930Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0115504"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An open proxy vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30128",
        "datePublished": "2024-09-25T14:42:53.930Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-09-25T15:34:19.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30130 (GCVE-0-2024-30130)

    Vulnerability from cvelistv5 – Published: 2024-07-19 00:03 – Updated: 2024-08-02 01:25
    VLAI
    Title
    HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability
    Summary
    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-525 - Use of Web Browser Cache Containing Sensitive Information
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-18 23:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T17:18:47.714746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-19T17:19:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.12"
                }
              ]
            }
          ],
          "datePublic": "2024-07-18T23:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-525",
                  "description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-19T00:03:13.207Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114184"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30130",
        "datePublished": "2024-07-19T00:03:13.207Z",
        "dateReserved": "2024-03-22T23:57:23.589Z",
        "dateUpdated": "2024-08-02T01:25:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23588 (GCVE-0-2024-23588)

    Vulnerability from cvelistv5 – Published: 2024-07-05 13:08 – Updated: 2024-10-30 17:49
    VLAI
    Title
    A denial of service vulnerability affects HCL Nomad server on Domino
    Summary
    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Date Public
    2024-07-05 12:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:01:49.102192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:49:03.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nomad server on Domino",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.0.11"
                }
              ]
            }
          ],
          "datePublic": "2024-07-05T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-05T13:08:46.782Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A denial of service vulnerability affects HCL Nomad server on Domino",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-23588",
        "datePublished": "2024-07-05T13:08:46.782Z",
        "dateReserved": "2024-01-18T07:30:10.662Z",
        "dateUpdated": "2024-10-30T17:49:03.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }