CVE-2017-1712

{"id": "CVE-2017-1712", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-07-01T14:15:14.027", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "\"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.\""}, {"lang": "es", "value": "\"Una vulnerabilidad en la implementaci\u00f3n del protocolo TLS del servidor Domino podr\u00eda permitir a un atacante remoto no autenticado acceder a informaci\u00f3n confidencial, tambi\u00e9n se conoce como un ataque de tipo Oracle Threat (ROBOT) de Return of Bleichenbacher. Un atacante podr\u00eda consultar iterativamente un servidor que ejecuta una implementaci\u00f3n de pila TLS vulnerable para llevar a cabo operaciones criptoanal\u00edticas que pueden permitir un descifrado de sesiones TLS capturadas previamente\""}], "lastModified": "2024-11-21T03:22:15.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA96995E-99EC-4260-A329-B4137AFBEB6B", "versionEndExcluding": "9.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}