HCL Nomad server
cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*
- < 1.0.19
A vulnerability exists in HCL Nomad server on Domino versions prior to 1.0.19 due to the Content-Security-Policy header not including a default frame-ancestors directive. This omission could enable an attacker to access sensitive information through unspecified means.
The lack of a default frame-ancestors directive in the Content-Security-Policy header could allow for clickjacking attacks, potentially leading to the disclosure of sensitive information.
Users are advised to download the latest version of HCL Nomad server on Domino, which includes the corrected default response headers. Release notes for this version can be found in the HCL Nomad for web browsers and HCL Nomad server on Domino 1.0.x Release Notes.
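A defender-side check for the condition this advisory describes, as an added example that is not HCL's code or part of the original advisory: it inspects a response's headers for an enforced frame-ancestors directive. The header values are constructed samples, and `'self'` as the corrected value is an assumption, since the advisory does not state the new default.

```python
# Added example: classify a response's anti-framing protection from its headers.

def parse_csp(value):
    """Parse one CSP policy string into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive within one policy is ignored (first wins).
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def framing_protection(headers):
    """Return (verdict, detail) for a list of (name, value) header pairs.

    "csp": an enforced policy carries frame-ancestors.
    "xfo-only": only the legacy X-Frame-Options header restricts framing.
    "none": any origin may frame the response (the condition in the advisory).
    """
    csp_values, xfo = [], None
    for name, value in headers:
        lname = name.lower()
        # Content-Security-Policy-Report-Only is not enforced, so it is skipped.
        if lname == "content-security-policy":
            # Several policies may arrive comma-joined in one header value.
            csp_values.extend(v for v in value.split(",") if v.strip())
        elif lname == "x-frame-options":
            xfo = value.strip().upper()
    for value in csp_values:
        policy = parse_csp(value)
        if "frame-ancestors" in policy:
            return "csp", " ".join(policy["frame-ancestors"])
    # default-src is not a fallback for frame-ancestors: a policy that only
    # sets default-src still leaves framing unrestricted.
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo-only", xfo
    return "none", "no frame-ancestors directive and no effective X-Frame-Options"


# Constructed sample headers (not captured from a real server); 'self' as the
# corrected value is an assumption, the advisory does not state the new default.
MISSING = [("Content-Security-Policy", "default-src 'self'; script-src 'self'")]
FIXED = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")]
LEGACY = [("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    for label, hdrs in (("missing", MISSING), ("fixed", FIXED), ("legacy", LEGACY)):
        print(label, framing_protection(hdrs))
```

A verdict of "none" on a response from an upgraded server means the corrected default headers are not reaching the client, for example because a proxy in front of it rewrites them.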