CVE-2022-38654 MEDIUM

CVE-2022-38654: HCL Domino is susceptible to an information disclosure vulnerability

Vendor HCL Software
Product HCL Domino
Weakness CWE-200 · Info exposure
Published November 4, 2022
Last update May 2, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.

Key dates

02 Disclosure timeline

November 4, 2022 CVE published
May 2, 2025 Record updated