CVE-2020-14234

7.5 HIGH

📋 TL;DR

HCL Domino servers are vulnerable to denial of service attacks due to improper input validation. An attacker can send specially crafted input to crash the server, affecting versions before 9.0.1 FP10 IF6 and 10.0.1. This impacts organizations using vulnerable HCL Domino installations.

💻 Affected Systems

Products:
  • HCL Domino
Versions: All versions before 9.0.1 FP10 IF6 and all versions before 10.0.1
Operating Systems: All supported OS platforms for HCL Domino
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server crash leading to extended service disruption and potential data loss if recovery mechanisms fail.

🟠 Likely Case

Temporary service outage requiring server restart, disrupting email, applications, and collaboration services.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - Attackers can directly target exposed Domino servers without authentication.
🏢 Internal Only: MEDIUM - Requires internal network access but still poses significant risk to business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending malformed input but does not require authentication or special privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.0.1 FP10 IF6 or 10.0.1 and later

Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302

Restart Required: Yes

Instructions:

1. Download the appropriate fix pack from HCL Support.
2. Apply the fix pack following HCL Domino update procedures.
3. Restart the Domino server to activate the patch.

🔧 Temporary Workarounds

Network Access Control (all platforms)

Restrict network access to Domino servers to trusted sources only

Input Validation Filtering (all platforms)

Implement network-level input validation or WAF rules to filter suspicious requests

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Domino servers from untrusted networks
  • Deploy monitoring and alerting for unusual traffic patterns or server crashes

🔍 How to Verify

Check if Vulnerable:

Check Domino version via console command 'show server' or examine program directory version files

Check Version:

show server (Domino console) or check notes.ini BuildVersion

Verify Fix Applied:

Verify version is 9.0.1 FP10 IF6 or higher, or 10.0.1 or higher after patch application

📡 Detection & Monitoring

Log Indicators:

  • Unexpected server crashes
  • Abnormal termination logs
  • Increased error messages in Domino console

Network Indicators:

  • Unusual traffic patterns to Domino ports
  • Multiple connection attempts with malformed data

SIEM Query:

source="domino.log" AND ("crash" OR "abnormal termination" OR "server stopped unexpectedly")
