Vulnerabilities > CVE-2023-28015 - Unspecified vulnerability in HCL Domino Appdev Pack

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

hcl

NVD

Published: 2023-05-23

Updated: 2024-11-21

Summary

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users.

Vulnerable Configurations

Part	Description	Count
Application	Hcl HCL Domino Appdev Pack -	1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105093
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105093