VYPR

Nomad server

by HCL Software

CVEs (8)

  • CVE-2025-62328Mar 11, 2026
    risk 0.00cvss epss 0.00

    HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2024-30132Oct 1, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2024-23586Sep 27, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.

  • CVE-2024-30128Sep 25, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.

  • CVE-2024-30130Jul 19, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.

  • CVE-2024-23562Jul 8, 2024
    risk 0.00cvss epss 0.00

    A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.

  • CVE-2024-23588Jul 5, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.

  • CVE-2023-37539Jun 6, 2024
    risk 0.00cvss epss 0.00

    The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated…