CVE-2020-14230
CVE-2020-14230
In short
HCL Domino servers can be crashed by remote attackers sending specially crafted email messages. This happens because the server doesn't properly check incoming email data, allowing anyone on the internet to temporarily disable the service without needing a password.
Technical detail
HCL Domino contains an input validation flaw in email message processing that allows remote unauthenticated attackers to trigger a Denial of Service condition causing server hang. The vulnerability is exploited via specially-crafted email messages and affects versions prior to 9.0.1 FP10 IF6, 10.0.1 FP5, and 11.0.1.
Summary generated and translated by AI from the official description.
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
Affected products
HCL · HCL DominoWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →