Vulnerabilities > CVE-2020-14268 - Out-of-bounds Write vulnerability in Hcltech Notes

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

hcltech

CWE-787

critical

NVD

Published: 2020-12-14

Updated: 2020-12-15

Summary

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.

Vulnerable Configurations

Part	Description	Count
Application	Hcltech Hcltech Notes 9.0 Hcltech Notes 9.0.1 Hcltech Notes 10.0 Hcltech Notes 10.0.1	37

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085762