Vulnerability Details CVE-2023-37495
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2023-37495
-
cpe:2.3:a:hcltech:domino:10.0
-
cpe:2.3:a:hcltech:domino:10.0.0
-
cpe:2.3:a:hcltech:domino:10.0.1
-
cpe:2.3:a:hcltech:domino:11.0
-
cpe:2.3:a:hcltech:domino:11.0.0
-
cpe:2.3:a:hcltech:domino:11.0.1
-
cpe:2.3:a:hcltech:domino:12.0
-
cpe:2.3:a:hcltech:domino:12.0.1
-
cpe:2.3:a:hcltech:domino:12.0.2
-
cpe:2.3:a:hcltech:domino:9.0
-
cpe:2.3:a:hcltech:domino:9.0.1