Eric Portner

**Name of the Vulnerable Software and Affected Versions** Domino server (affected versions not specified) **Description** In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HCL Domino AppDev Pack (affected versions not specified) **Description** The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration issue. During a failed login attempt, a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HCL Domino (affected versions not specified) **Description** The issue allows an authenticated attacker to access attributes from a user's person record due to the server ignoring xACL read restrictions in certain scenarios when searching the Domino directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HCL iNotes versions prior to 10.0.1 FP6 HCL iNotes versions prior to 11.0.1 FP2 **Description** HCL iNotes is susceptible to a sensitive cookie exposure issue. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. **Recommendations** For versions prior to 10.0.1 FP6, update to version 10.0.1 FP6 or later. For versions prior to 11.0.1 FP2, update to version 11.0.1 FP2 or later.