 Vladislavs Tatarincevs
| Vladislav Tatarincev 8 April 2026 09:01:20

When you see something like CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N in an HCL Domino security bulletin, don’t treat it like random cryptic text. It’s actually a compact way to answer two very important questions:

1. How can the vulnerability be exploited?
2. What damage can it cause?

This specific vector means:

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* AV:N — attackable over the network
* AC:L — low complexity, not hard to exploit
* AT:P — some additional conditions must exist
* PR:N — no privileges required
* UI:N — no user action required
* VC:N / VI:N — no impact on confidentiality or integrity
* VA:H — high impact on availability
* SC:N / SI:N / SA:N — no impact on connected downstream systems

In plain English: this looks like a vulnerability that can be triggered remotely, without login, and without user interaction. That already deserves attention. The main risk here is not data theft or data manipulation — the real danger is service disruption.

Quick CVSS v4 cheat sheet

* AV — Attack Vector: N = Network, A = Adjacent, L = Local, P = Physical
* AC — Attack Complexity: L = Low, H = High
* AT — Attack Requirements: N = None, P = Present
* PR — Privileges Required: N = None, L = Low, H = High
* UI — User Interaction: N = None, P = Passive, A = Active
* VC / VI / VA — impact on the vulnerable system (Confidentiality, Integrity, Availability): N = None, L = Low, H = High
* SC / SI / SA — impact on subsequent systems (Confidentiality, Integrity, Availability)

Lesson learned for Domino people: if you see AV:N + PR:N + UI:N, pay attention immediately. For any Sametime, Domino or Connections environment, that usually means a potentially dangerous remote scenario, especially if the server is exposed or business-critical. UI:N means the user is not involved at all: nobody has to click a bad link.

Security bulletins are not just for security teams. Admins should be able to read the vector and instantly understand the risk.
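To apply the cheat sheet to every bulletin automatically, the sketch below parses a CVSS v4.0 vector and applies the AV:N + PR:N + UI:N rule from this post. It is an added example, not code from HCL or CYMON; the function names and the shape of the result are assumptions.

```python
# CVSS v4.0 base metrics and their allowed values, as in the cheat sheet above.
BASE_METRICS = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": {"N": "None", "L": "Low", "H": "High"},
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    **{m: {"N": "None", "L": "Low", "H": "High"}
       for m in ("VC", "VI", "VA", "SC", "SI", "SA")},
}

def parse_vector(vector):
    """Return {metric: value} for a CVSS v4.0 vector; raise ValueError if malformed."""
    prefix, _, rest = vector.strip().partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {prefix!r}")
    metrics = {}
    for part in rest.split("/"):
        name, sep, value = part.partition(":")
        if not sep or name in metrics:
            raise ValueError(f"malformed or duplicate metric: {part!r}")
        if name in BASE_METRICS and value not in BASE_METRICS[name]:
            raise ValueError(f"invalid value for {name}: {value!r}")
        metrics[name] = value  # non-base metrics (threat, environmental) pass through
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics

def triage(vector):
    """Apply the post's rule (AV:N + PR:N + UI:N) and name the non-zero impacts."""
    m = parse_vector(vector)
    impacts = {k: BASE_METRICS[k][m[k]]
               for k in ("VC", "VI", "VA", "SC", "SI", "SA") if m[k] != "N"}
    return {
        # Hypothetical result keys, chosen for this example only.
        "pay_attention_now": (m["AV"], m["PR"], m["UI"]) == ("N", "N", "N"),
        "needs_extra_conditions": m["AT"] == "P",
        "impacts": impacts,
    }

if __name__ == "__main__":
    print(triage("CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"))
```
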
Get a free account on HCL Support and subscribe to the products you use: https://support.hcl-software.com/community?id=community_forum&sys_id=038a2b921b7bb34c77761fc58d4bcb0d. Then get alerts from HCL or from our monitoring solution. See my previous post about CYMON.

Vladislav Tatarincev 7 April 2026 15:52:10

HCL has an official security channel where it regularly publishes security bulletins, vulnerability information, product advisories, and critical alerts. The information is there: https://support.hcl-software.com/community?id=community_forum&sys_id=038a2b921b7bb34c77761fc58d4bcb0d. The problem is that too few people actually see it in time. Even important HCL security content often gets very limited attention, despite the fact that it can affect production environments directly.

And that is the real risk. Because in security, “published” does not mean “noticed.” And “noticed later” can already be too late.

We have seen this before. A serious issue like the December 13 Domino mail-routing defect was exactly the kind of problem that should trigger an immediate response, not wait until the next working morning. HCL published a critical alert for it, but if your team depends on someone manually checking portals, blogs, or vendor pages, there is always a delay. Another problem is that HCL or partners might not have all admin contact information, because sometimes the addresses on file are procurement emails, not real admin emails.

Now add one more reality: attackers move fast. Very fast. Recent threat intelligence shows that the time between public disclosure and active exploitation has collapsed from weeks to days, and in some cases threat actors weaponize newly disclosed vulnerabilities almost immediately. Just recently, after a CVE was published for another vendor's software, hackers tried to use the vulnerability 10 minutes later. 10 minutes only!

That is why staying informed manually is no longer enough. How do you stay up to date without living on vendor portals?
One practical answer is CYMON monitoring: https://cyone.eu/CYMON. Instead of hoping that someone will notice a new HCL bulletin, a new critical fix, or a newly disclosed vulnerability, CYMON can notify you immediately. Not just during office hours, but also outside the working day, when many of the most unpleasant surprises actually happen.

CYMON can send alerts by:

* email and SMS
* HCL Sametime chat
* and, if needed, other channels such as Teams or Telegram

While Teams is possible, in HCL environments, which may be air-gapped, Sametime is often the better place: faster, closer to operations, and more natural for the people who actually support the platform, and no information leaves your network perimeter.

Why this matters in real life. A good monitoring system should not just tell you that “something was published.” It should help you answer the operational questions:

* Does this affect us?
* Which product or version is involved?
* Is this just informational, or does it require action now?
* Do we need to patch, restart, investigate, or escalate?

CYMON helps close that gap. It can also show you which versions the vendor has released and which versions you are actually running, making it much easier to understand exposure and prioritise action. So instead of scattered manual checks, low-visibility vendor posts, and delayed reactions, you get an operational flow: the right information reaches the right people at the right time.

Monitoring is not about dashboards. It is about reaction time. It also brings the information needed to make the right decisions.

Security bulletins with low view counts are a warning sign by themselves. Not because the information is unavailable, but because too many teams still rely on chance. CYMON turns passive information into active notification.
That means:

* no waiting until someone checks the site
* no dependence on memory
* no “we saw it the next day,”
* and no silence just because the issue appeared after business hours.

When the next critical bulletin, vulnerability, or vendor alert appears, the goal is simple: you should know immediately.

Want to see how this works in practice? If you want to stay aware of HCL security news, critical bugs, version changes, and emerging risks without manually checking vendor portals every day, CYMON is worth trying. Because in security, the most dangerous update is not the one that was published. It is the one you saw too late.

The CYMON Monitoring homepage is here: https://cyone.eu/CYMON

The screens below are from the upcoming version that we will show at Engage. Welcome to our CYMON Workshop at Engage: https://engage.ug/pages/sessionagenda2026

[Screenshot: Real time alerting]

[Screenshot: List of security issues]

Vladislav Tatarincev 19 March 2026 09:26:33

Hi, Domino / Notes 14.5.1 is available for download from the My HCL site: https://my.hcltechsw.com/downloads/domino/domino/14.5.1

Vladislav Tatarincev 2 March 2026 12:22:38

A while ago I came across Daniel Nashed's blog post about Domino Backup central logging: https://blog.nashcom.de/nashcomblog.nsf/dx/domino-backup-notifications-and-central-logging.htm?opendocument

Domino Backup has a smart design: it reports errors to a specific Domino document, and every database has the date and time of its last backup. Can we monitor these errors? Of course we can, and we should monitor these errors when they appear.

Is monitoring only errors sufficient? Errors in the Domino Backup logs are one part of the story; whether the databases have really been copied by the backup is another.

CYONE CYMON monitoring can monitor not only the Domino platform but also any Domino application. Since the filename of the Domino Backup database is known, "dominobackup.nsf", I created 3 checks for monitoring.

First check: we read how many databases are in the Domino Backup inventory.
For that we use a simple Select Form="DatabaseBackup" formula. This returns the number of databases. CYMON understands the same syntax as Domino Designer.

The second check is a bit more advanced: it shows the number of databases that have been backed up in the last 24 hours. Every time a Domino database is backed up by the Domino Backup process, its LastBackupTime is updated.

This allows us to create an @Formula that tracks whether this value is not too old, that is, not more than 24h. None of us, when we need a backup, would like to realise that the last one took place a year ago. CYMON monitoring uses open-source Zabbix, so many of you are familiar with the interface. CYMON is basically a small Notes client that any monitoring can talk to over HTTP: give me this statistic, or give me this formula.

When everything works, the number of databases on the server (total) and the number of databases in the backup should be the same. The numbers should match. If they differ by 1%, this should be investigated; if by more than X, something is not good.

Third check: we also need to analyse whether there are errors in the Domino Backup log files.

In CYMON (www.cyone.eu/CYMON) there are close to 1000 checks, and these checks and charts are split across different dashboards, such as Performance, Users, Traveler, Security, Mail, Databases, HTTP and others. The "04.Databases and Space" Grafana dashboard now has new backup charts. Since backups occur once per day, it is normal to check this information once per day as well, for example at 6am, so the load on the server is minimal. Again, since CYMON acts as a Notes client, nothing needs to be installed on top of the Domino server. This makes it possible to monitor Domino on any existing supported platform (Linux, Windows, AIX, AS400).

On top of the 3 statistics that we created (Total, NumberBackupedLast24H, and ErrorsCount) we should create a trigger that will alert the admin. But this is another story.
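The three checks and a trigger over them, sketched in Python as an added example; this is not CYMON or Zabbix code. The inventory records, paths and severity names are constructed, and `high_pct` is a hypothetical stand-in for the "X" threshold the post leaves open.

```python
from datetime import datetime, timedelta

LEVELS = ["ok", "info", "warning", "high"]

def backup_stats(inventory, now, max_age=timedelta(hours=24)):
    """inventory maps database path -> LastBackupTime (datetime, or None if never)."""
    stale = sorted(path for path, last in inventory.items()
                   if last is None or now - last > max_age)
    return {"Total": len(inventory),
            "NumberBackupedLast24H": len(inventory) - len(stale),
            "stale": stale}

def evaluate_trigger(stats, server_db_count, errors_count, warn_pct=1.0, high_pct=5.0):
    """Return (level, reasons). high_pct is an assumed value for the post's 'X'."""
    level, reasons = 0, []
    if errors_count > 0:
        level = 3
        reasons.append(f"{errors_count} error(s) in backup log")
    fresh = stats["NumberBackupedLast24H"]
    if fresh != server_db_count:
        pct = 100.0 * abs(server_db_count - fresh) / max(server_db_count, 1)
        step = 3 if pct >= high_pct else 2 if pct >= warn_pct else 1
        level = max(level, step)
        reasons.append(f"server has {server_db_count} databases, {fresh} backed up "
                       f"in the last 24h ({pct:.1f}% difference)")
    return LEVELS[level], reasons

def sample_inventory(now):
    """Constructed data: 200 databases, 3 of them with an old or missing backup."""
    inv = {f"mail/user{i:03d}.nsf": now - timedelta(hours=5) for i in range(197)}
    inv["names.nsf"] = now - timedelta(days=365)        # last backup a year ago
    inv["apps/claims.nsf"] = now - timedelta(hours=30)  # missed one nightly run
    inv["apps/new.nsf"] = None                          # never backed up
    return inv

if __name__ == "__main__":
    now = datetime(2026, 3, 2, 6, 0)                    # the daily 06:00 check
    stats = backup_stats(sample_inventory(now), now)
    print(stats["Total"], stats["NumberBackupedLast24H"], stats["stale"])
    print(evaluate_trigger(stats, server_db_count=200, errors_count=0))
```
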
The trigger can differ: fire if the errors in the logs are >0, or if the number of databases on the server does not match the number in the backup.

With these simple but efficient @Formulas we can detect issues in system databases such as the backup database. The same approach can be used for any other business application, for example: a new claim from a customer that is older than 1 hour and not assigned to anyone.

CYMON Domino monitoring turns thousands of statistics into valuable information and alerts when needed. There is no sense in having a human check this manually on the server. On average Domino has 6000 statistics that change every moment, which gives us 8 million statistics per day. This is why it makes sense to automate key statistic monitoring with CYMON.

Domino runs your business. With the same approach we use to check backups, we can check the logs of synchronisation agents or any other integrations. CYMON is Docker based and requires a Linux machine; initial setup takes around 10 min. Free and commercial versions are available: https://www.cyone.eu/CYMON/

Vladislav Tatarincev 10 April 2025 15:44:07

If you are using Domino Managed Replica, you should be aware that HCL Notes clients are impacted by the 13 Dec bug. HCL clients start to pull the whole mail file again and again, which in my case was several terabytes of data. But since I use CYMON monitoring I was able to notice this anomaly quite fast. CYMON info is here, probably the best monitoring for HCL Domino: https://www.cyone.eu/CYMON

An HCL Notes fix exists for Notes 14, while version 12 is also affected.

HCL Technote attached: Mail Managed replica (MMR) are replicating mails from the beginning of the documents https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118714

Safe administration, and have a good monitoring tool always at your service.

V.

Vladislav Tatarincev 13 November 2024 08:51:37

Domino products offer a wealth of statistical data that play a crucial role in predicting and preventing issues in production environments.
As a mature product, Domino has been delivering these valuable insights for many years, helping to maintain high-quality service for clients.

What Do These Statistics Tell Us?

Looking at the code 200 histogram, we see that 96% of requests are fulfilled in under 2 seconds, with the majority processed in under 1 second. But what does this mean for our server's current state? Without knowing the uptime, whether it's been 10 minutes or 2 weeks, this data is limited. High response times could have occurred just now, or they might be skewed by a user with slow internet in a remote location a week ago.

How Do We Know if the Server is Healthy Right Now?

Simply waiting and watching isn’t effective. We need a “wait and compare” approach. For example, in the image, only the 000-001 statistic has increased, giving us confidence that response times are stable. However, manually checking for changes isn’t practical.

This is Where CYMON from CYONE Steps In!

CYMON (www.cyone.eu/cymon) simplifies monitoring by automatically calculating deltas over time, showing trends without the need for manual comparison. This dynamic view of server health makes it easy to spot issues immediately. CYMON monitoring also has alerting by SMS, Telegram, email or even MS Teams (forgive me). Based on Zabbix (www.zabbix.com), CYMON can be installed in under 5 min, providing valuable insights immediately.

Isn’t that great? There are more than 1000 important statistics checked in real time, calculating the right values for you. CYMON can also monitor NSF applications and view open times.

This one histogram is the tip of the iceberg. It is also important to monitor the histogram of how quickly Traveler connects to the mail server and to the database where all subscriptions are stored, and whether the database (Derby) needs to be defragmented. If you are in HADR mode, it is even more interesting. For example, MySQL by default allows only 151 connections. If you run 8 or more HTMO/Traveler servers you will hit this limit.
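The "wait and compare" idea for response-time histograms, as an added Python example (not CYMON code): it subtracts two snapshots of the cumulative bucket counters and judges only the interval between them. The bucket labels other than 000-001 and all counter values are constructed.

```python
import math

def upper_bound(bucket):
    """Upper edge in seconds of a label like '000-001'; open-ended '010+' is infinite."""
    return math.inf if bucket.endswith("+") else int(bucket.split("-")[1])

def bucket_deltas(previous, current):
    """Per-bucket increase between two snapshots of cumulative counters.
    A counter that went down means the server restarted and the statistics were
    reset, so the current values already are the whole interval."""
    restarted = any(current.get(b, 0) < n for b, n in previous.items())
    return {b: n if restarted else n - previous.get(b, 0)
            for b, n in current.items()}

def share_under(counts, limit_s):
    """Percent of requests completed in under limit_s seconds, or None if no traffic."""
    total = sum(counts.values())
    if total == 0:
        return None
    fast = sum(n for b, n in counts.items() if upper_bound(b) <= limit_s)
    return 100.0 * fast / total

# Constructed snapshots of lifetime counters for the code 200 histogram.
T0 = {"000-001": 9000, "001-002": 600, "002-005": 300, "005-010": 80, "010+": 20}
T1_HEALTHY = {**T0, "000-001": 9500}               # only the fastest bucket grew
T1_SLOW = {**T0, "000-001": 9100, "005-010": 180}  # half of the new requests are slow

if __name__ == "__main__":
    for name, snap in (("healthy", T1_HEALTHY), ("slow", T1_SLOW)):
        lifetime = share_under(snap, 2)
        interval = share_under(bucket_deltas(T0, snap), 2)
        print(f"{name}: lifetime {lifetime:.1f}% under 2s, "
              f"last interval {interval:.1f}% under 2s")
```

In the slow case the lifetime figure still reads about 95% while the last interval is at 50%, which is exactly what the lifetime histogram alone hides.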
In CYMON we see immediately how quickly we can connect to MySQL (1) and how much time it takes to look up users' subscribed folders and last sync times (2). On pie chart 2 we see that 100% is done in under 1 second. This tells you instantly whether the RDBMS is a bottleneck. No, it is not; all times are perfect. Of course, right now we see a nice picture, but CYMON will highlight the dirty places for you and make your Domino SHINE! Everything is synchronised in under 1 second. We also see (2) instructions on what to do if the bad buckets grow (like 005-10, or the slower buckets). And finally we also see what types of problems we have had so far during server uptime (3).

If you find this interesting and want more, please comment. I have a lot of cool stuff about Traveler and Domino monitoring as such.

P.S. Thank you Martin from (http://www.sidra400.com), fixed CSS, it is better now.

Vladislav Tatarincev 13 November 2024 08:45:02

The new versions 14.5 and 14.0 FP2 have a new Notes.ini parameter, which is always interesting. If it addresses an old problem, then even better.

https://ds-infolib.hcltechsw.com/ldd/fixlist.nsf/8ed1b46cfdba8957852570c90054623b/659ddc7465e1f01785258b81003d6dc3?OpenDocument

If you use protection from brute force, there is a check box, new starting from V10, to also block the IP address from which the request is coming. With direct access this works. But if you are connected via a balancer, or someone tries to log in to Sametime that is bound to Domino by LDAP, then the Sametime IP will be blocked. So in this scenario we were all forced to disable this feature, although there is a good idea behind it.

Now we have a solution. You have to add all your systems, like the public WiFi IP, the Sametime IP and all other known systems, and enable this parameter; these IPs are then whitelisted and will never be blocked. Again, this is new only for 14.0 FP2 and 14.5.
Product Area: Server
Technical Area: Directory Services
Platform: Cross Platform

SPR# MOBNCY2KBG - Server - LDAP - Added a new Notes INI - LDAP_USE_HTTP_TRUSTED_IP_LIST_FOR_LOCKOUT_EXEMPTION=1 - to allow a customer to exempt certain IP addresses to avoid the issue of all users getting locked out of LDAP requests because the IP was locked out. This INI is off by default

Vladislav Tatarincev 28 October 2024 12:12:00

CYONE and HCL invite you to a thrilling cybersecurity session!

Join our webinar on **HCL BigFix**—a product that’s as versatile as Domino but with even more tricks up its sleeve. BigFix is the ultimate multitasker: it patches servers and workstations, analyzes threats with impressive visuals, and forecasts which CVEs might make their way into the hacker’s playbook against your company. Plus, it’s got Power Management, Remote Control, and even a Corporate App Store for your “App-on-Demand” needs. It’s the ultimate tool—stable, powerful, and always ready.

In this webinar, we’ll dive deep into BigFix’s potential. **Reserve your spot today!** Not only is it free, but you’ll get the link to our Live Stream Page (broadcasted through yet another top-notch HCL solution—HCL Sametime).

**Webinar Details**

📅 Date: 31 October 2024
⏰ Time: 16:00 GMT+2
🔗 Can’t attend live? Register anyway to receive a link to the recording.

[Register here](https://update.cyone.lv/volt-apps/anon/org/app/b9fbee08-6f67-4665-851a-a56704b5be1d/launch/index.html?form=F_Registration)—hosted on HCL Domino Volt, of course!

See you there for a session that’s packed with insights, tech brilliance, and a good dose of cyber wit! |
|