Thursday, May 1, 2025
HomeCVE/vulnerabilityHCL Domino Vulnerability Let Attackers obtain Sensitive information

HCL Domino Vulnerability Let Attackers obtain Sensitive information

Published on

SIEM as a Service

Follow Us on Google News

A critical security vulnerability has been discovered in HCL Domino, a popular enterprise server software, that could potentially expose sensitive configuration information to remote unauthenticated attackers.

This vulnerability, CVE-2024-23562, has raised concerns among cybersecurity experts and enterprises relying on HCL Domino for their operations.

CVE-2024-23562 – Vulnerability Details

CVE-2024-23562 vulnerability allows a remote, unauthenticated attacker to exploit the system and access sensitive configuration information.

- Advertisement - Google News

This information could then be used to launch further attacks against the affected system, potentially compromising the security and integrity of the enterprise’s data.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

  • CVE-ID: CVE-2024-23562
  • Description: A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information.
  • CVSS Base Score: 5.3 (Medium)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products and Versions

The vulnerability impacts multiple releases of HCL Domino, specifically versions 11, 12, and 14.

It is also suspected that earlier releases may be affected, although this has not been conclusively confirmed.

As of now, a fix for this vulnerability is not available.

HCL has acknowledged the issue and is tracking it under SPR# EPORD2AKDF.

In the meantime, users are advised to implement the recommended workarounds and mitigations to protect their systems.

Workarounds and Mitigations

To mitigate the risk posed by this vulnerability, it is recommended that anonymous access to the Domino server be denied over internet protocols.

The following steps can be taken to achieve this:

  1. Access Internet Site Document Settings: Navigate to the location of Internet site document settings.
  2. Deny Anonymous Access: Set the “Anonymous” fields under “TCP Authentication” and “TLS Authentication” to “No”.

These instructions apply to HCL Domino releases 9 and above.

For further guidance on securing your HCL Domino server, the following resources are available:

  • Server Access for Notes® Users, Internet Users, and Domino® Servers
  • Protecting Files on a Server from Web Client Access
  • Validation and Authentication for Internet and Intranet Clients
  • Creating Public Access Pages, Forms, Subforms, Outlines, Views, Agents, and Style Sheets

The discovery of CVE-2024-23562 highlights the importance of continuous vigilance and proactive security measures in enterprise environments.

Organizations using HCL Domino are urged to implement the recommended mitigations promptly and stay updated on any further developments from HCL regarding a permanent fix.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...