CVE-2021-27764 – CVE-2021-27764 is a security misconfiguration v... (How to Fix)

Q: What is the severity of CVE-2021-27764?

CVE-2021-27764 has a CVSS score of 7.4 (HIGH). CVE-2021-27764 is a security misconfiguration vulnerability in HCL Domino WebUI where cookies are set without HTTPOnly flags. This allows attackers to potentially steal session cookies via cross-site scripting attacks. Affects HCL Domino servers with WebUI enabled.

📋 TL;DR

CVE-2021-27764 is a security misconfiguration vulnerability in HCL Domino WebUI where cookies are set without HTTPOnly flags. This allows attackers to potentially steal session cookies via cross-site scripting attacks. Affects HCL Domino servers with WebUI enabled.

💻 Affected Systems

Products:

HCL Domino

Versions: Versions 9.0, 10.0, 11.0, 12.0 prior to specific fix packs

Operating Systems: Windows, Linux, AIX, IBM i

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with WebUI enabled. Domino servers without WebUI are not vulnerable.

📦 What is this software?

Bigfix Webui by Hcltech

View all CVEs affecting Bigfix Webui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Session hijacking leading to complete compromise of user accounts, unauthorized access to sensitive data, and potential privilege escalation.

🟠

Likely Case

Session theft allowing attackers to impersonate authenticated users and access their data and functionality.

🟢

If Mitigated

Minimal impact if proper network segmentation, WAF rules, and additional authentication controls are implemented.

🌐 Internet-Facing: HIGH - WebUI exposed to internet allows remote attackers to exploit via XSS vectors.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit via XSS.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires XSS vector to exploit. Not directly exploitable without additional vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fix packs: 9.0.1 FP10 IF6, 10.0.1 FP6, 11.0.1 FP5, 12.0.0

Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778

Restart Required: Yes

Instructions:

1. Download appropriate fix pack from HCL support portal. 2. Apply fix pack following HCL Domino upgrade procedures. 3. Restart Domino server. 4. Verify cookies now have HTTPOnly flag set.

🔧 Temporary Workarounds

Disable WebUI

all

Disable WebUI component if not required for business operations

Modify notes.ini: HTTPEnableWebUI=0
Restart Domino server

Implement WAF Rules

all

Configure Web Application Firewall to block XSS attacks and cookie theft attempts

🧯 If You Can't Patch

Implement strict Content Security Policy headers to prevent XSS
Use network segmentation to isolate Domino servers from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Use browser developer tools to inspect cookies set by Domino WebUI. Check if cookies lack HTTPOnly flag.

Check Version:

At Domino console: show server

Verify Fix Applied:

After patching, verify cookies now include HTTPOnly flag in Set-Cookie headers.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts
Unusual cookie access patterns

Network Indicators:

HTTP requests attempting XSS payloads
Cookie theft attempts in network traffic

SIEM Query:

source="domino.log" AND ("authentication failed" OR "cookie" OR "session")

📊 Metadata

CVE ID: CVE-2021-27764

CVSS v3 Score: 7.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: CWE-614

Published: May 6, 2022

Last Updated: November 21, 2024

🔗 References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778 Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27764, you might also want to check these: