Product
ibm domino
62 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-23562
all versions
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated at
5.3
MEDIUM
CVE-2023-37539
all versions
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to e
8.4
HIGH
CVE-2023-37495
>= 9.0 and < 14.0
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Grou
5.9
MEDIUM
CVE-2023-28010
all versions
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attac
4.0
MEDIUM
CVE-2015-10039
< 0.1.5524.38553
A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in
5.5
MEDIUM
CVE-2022-44754
all versions
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a r
9.8
CRITICAL
CVE-2022-44752
all versions
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a
9.8
CRITICAL
CVE-2022-44750
all versions
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a r
9.8
CRITICAL
CVE-2022-38654
all versions
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search
5.5
MEDIUM
CVE-2022-38660
< 9.0.1
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could e
8.3
HIGH
CVE-2022-27558
all versions
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain
5.9
MEDIUM
CVE-2022-27547
all versions
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user
6.1
MEDIUM
CVE-2022-27546
all versions
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied i
8.3
HIGH
CVE-2020-4107
all versions
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system
8.8
HIGH
CVE-2020-14273
all versions
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An
7.5
HIGH
CVE-2020-14270
>= 9.0.0 and <= 10.0.0
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user
5.3
MEDIUM
CVE-2020-4080
all versions
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message cont
6.1
MEDIUM
CVE-2020-14244
>= 9.0.0 and < 10.0.1
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthe
9.8
CRITICAL
CVE-2020-14260
>= 9.0.0 and <= 9.0.1
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit
9.8
CRITICAL
CVE-2020-4128
>= 9.0.0 and <= 9.0.1
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use
5.3
MEDIUM
CVE-2020-14234
< 9.0.1
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially givi
7.5
HIGH
CVE-2020-14230
< 9.0.1
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unau
7.5
HIGH
CVE-2017-1712
< 9.0.1
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access
5.9
MEDIUM
CVE-2012-6277
>= 8.5.0 and <= 8.5.3.6
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchan
7.8
HIGH
CVE-2018-1771
>= 9.0.1.0 and <= 9.0.1.10
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing
8.4
HIGH
CVE-2016-6087
all versions
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino
9.8
CRITICAL
CVE-2017-1274
all versions
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker t
8.8
HIGH
CVE-2016-0270
all versions
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce ge
5.9
MEDIUM
CVE-2016-6113
all versions
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
6.1
MEDIUM
CVE-2016-5884
all versions
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
6.1
MEDIUM
CVE-2016-5882
all versions
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
6.1
MEDIUM
CVE-2016-5880
all versions
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
5.4
MEDIUM
CVE-2016-2939
all versions
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
6.1
MEDIUM
CVE-2016-2938
all versions
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI
6.1
MEDIUM
CVE-2016-0304
all versions
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration invo
8.1
HIGH
CVE-2016-0301
all versions
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows rem
7.8
HIGH
CVE-2016-0279
all versions
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows rem
7.8
HIGH
CVE-2016-0278
all versions
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows rem
7.8
HIGH
CVE-2016-0277
all versions
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows rem
7.8
HIGH
CVE-2015-5040
all versions
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to ex
CVE-2015-4994
all versions
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to ex
CVE-2015-2015
<= 8.5.3
Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0
CVE-2015-2014
all versions
Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attack
CVE-2015-1981
all versions
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when
CVE-2015-1903
all versions
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute
CVE-2015-1902
all versions
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute
CVE-2015-0135
all versions
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a deni
CVE-2015-0179
all versions
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain t
CVE-2015-0134
all versions
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6,
CVE-2015-0117
all versions
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary
CVE-2002-2191
all versions
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potent
CVE-2002-0408
<= 5.0.9a
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to dete
CVE-2002-0407
<= 5.0.9a
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server v
CVE-2002-0245
all versions
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a req
CVE-2002-0087
all versions
bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
CVE-2001-0954
all versions
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to d
CVE-2001-0846
all versions
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administra
CVE-2001-0939
all versions
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
CVE-2001-1018
all versions
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a
CVE-2000-1203
all versions
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an em
CVE-2000-1046
all versions
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of serv
CVE-1999-1012
all versions
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail s
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin