U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2022-44755

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.  This vulnerability applies to software previously licensed by IBM.

Published: December 19, 2022; 6:15:11 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-44753

HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM.

Published: December 19, 2022; 6:15:11 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-44751

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.  This vulnerability applies to software previously licensed by IBM.

Published: December 19, 2022; 6:15:10 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2020-4102

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.

Published: December 01, 2020; 8:15:12 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-4097

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.

Published: November 05, 2020; 12:15:12 PM -0500 		V4.0:(not available)
 V3.1: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-14240

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

Published: November 05, 2020; 12:15:12 PM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM