Search criteria
60 vulnerabilities found for connections by hcltech
FKIE_CVE-2025-52639
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-11-20 19:03
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124241 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:*",
"matchCriteriaId": "718ED7EC-3899-448D-B661-39463F5F71D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*",
"matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*",
"matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data."
}
],
"id": "CVE-2025-52639",
"lastModified": "2025-11-20T19:03:16.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:48.617",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124241"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-31961
Vulnerability from fkie_nvd - Published: 2025-08-15 05:15 - Updated: 2025-10-10 16:59
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123268 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:*",
"matchCriteriaId": "718ED7EC-3899-448D-B661-39463F5F71D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*",
"matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*",
"matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
},
{
"lang": "es",
"value": "HCL Connections contiene una vulnerabilidad de control de acceso roto que puede permitir que usuarios no autorizados actualicen datos en ciertos escenarios."
}
],
"id": "CVE-2025-31961",
"lastModified": "2025-10-10T16:59:36.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-15T05:15:30.007",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123268"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-42209
Vulnerability from fkie_nvd - Published: 2025-07-17 20:15 - Updated: 2025-10-29 14:58
Severity ?
Summary
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122628 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*",
"matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*",
"matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data."
},
{
"lang": "es",
"value": "HCL Connections es afectado por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir que un usuario obtenga informaci\u00f3n confidencial a la que no tiene derecho, lo que es causado por un manejo inadecuado de los datos solicitados."
}
],
"id": "CVE-2024-42209",
"lastModified": "2025-10-29T14:58:28.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2025-07-17T20:15:27.920",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122628"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-42208
Vulnerability from fkie_nvd - Published: 2025-04-04 06:15 - Updated: 2025-10-29 14:58
Severity ?
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*",
"matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir que un usuario obtenga informaci\u00f3n confidencial a la que no tiene derecho, debido a una gesti\u00f3n inadecuada de los datos solicitados."
}
],
"id": "CVE-2024-42208",
"lastModified": "2025-10-29T14:58:16.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2025-04-04T06:15:40.183",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120347"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-42188
Vulnerability from fkie_nvd - Published: 2024-11-14 16:15 - Updated: 2025-10-28 18:45
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117387 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una vulnerabilidad de control de acceso roto que puede permitir que un usuario no autorizado actualice datos en ciertos escenarios."
}
],
"id": "CVE-2024-42188",
"lastModified": "2025-10-28T18:45:14.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-14T16:15:19.283",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117387"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-30106
Vulnerability from fkie_nvd - Published: 2024-10-28 22:15 - Updated: 2024-11-08 15:43
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n, debido a un error de IBM WebSphere Application Server, que podr\u00eda permitir que un usuario obtenga informaci\u00f3n confidencial a la que no tiene derecho debido al manejo inadecuado de los datos solicitados."
}
],
"id": "CVE-2024-30106",
"lastModified": "2024-11-08T15:43:44.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-28T22:15:02.583",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116967"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-30118
Vulnerability from fkie_nvd - Published: 2024-10-09 20:15 - Updated: 2024-10-10 18:50
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir que un usuario obtenga informaci\u00f3n confidencial a la que no tiene derecho debido al manejo inadecuado de los datos solicitados."
}
],
"id": "CVE-2024-30118",
"lastModified": "2024-10-10T18:50:54.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-09T20:15:07.570",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0114302"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-30112
Vulnerability from fkie_nvd - Published: 2024-06-25 22:15 - Updated: 2025-10-28 18:53
Severity ?
Summary
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user\u0027s account then launch other attacks."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a un ataque de Cross-Site Scripting en el que un atacante puede aprovechar este problema para ejecutar c\u00f3digo de script arbitrario en el navegador de un usuario desprevenido, lo que lleva a la ejecuci\u00f3n de c\u00f3digo de scripts maliciosos. Esto puede permitir al atacante robar credenciales de autenticaci\u00f3n basadas en cookies, acceder a la cuenta del usuario y luego lanzar otros ataques."
}
],
"id": "CVE-2024-30112",
"lastModified": "2025-10-28T18:53:09.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2024-06-25T22:15:30.117",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-37541
Vulnerability from fkie_nvd - Published: 2024-06-25 15:15 - Updated: 2025-10-29 14:45
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*",
"matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*",
"matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*",
"matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*",
"matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*",
"matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
},
{
"lang": "es",
"value": "HCL Connections contiene una vulnerabilidad de control de acceso rota que puede permitir que usuarios no autorizados actualicen datos en ciertos escenarios."
}
],
"id": "CVE-2023-37541",
"lastModified": "2025-10-29T14:45:51.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-25T15:15:11.363",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0119435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114156"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-30107
Vulnerability from fkie_nvd - Published: 2024-04-18 21:15 - Updated: 2025-10-29 14:03
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | connections | 7.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 | |
| hcltech | connections | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*",
"matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*",
"matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*",
"matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.\n"
},
{
"lang": "es",
"value": "HCL Connections contiene una vulnerabilidad de control de acceso roto que puede exponer informaci\u00f3n confidencial a usuarios no autorizados en ciertos escenarios."
}
],
"id": "CVE-2024-30107",
"lastModified": "2025-10-29T14:03:11.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-18T21:15:07.287",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-52639 (GCVE-0-2025-52639)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:58 – Updated: 2025-11-18 20:21
VLAI?
Title
HCL Connections is vulnerable to sensitive information disclosure
Summary
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
Severity ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:21:30.503478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:21:35.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2025-11-18T18:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:58:06.174Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124241"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to sensitive information disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-52639",
"datePublished": "2025-11-18T18:58:06.174Z",
"dateReserved": "2025-06-18T14:00:43.106Z",
"dateUpdated": "2025-11-18T20:21:35.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31961 (GCVE-0-2025-31961)
Vulnerability from cvelistv5 – Published: 2025-08-15 04:29 – Updated: 2025-08-15 16:34
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T16:34:41.966080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T16:34:50.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2025-08-15T04:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T04:29:59.295Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123268"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31961",
"datePublished": "2025-08-15T04:29:59.295Z",
"dateReserved": "2025-04-01T18:46:23.151Z",
"dateUpdated": "2025-08-15T16:34:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42209 (GCVE-0-2024-42209)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:24 – Updated: 2025-07-17 20:04
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:04:25.093996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:04:32.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2025-07-17T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:24:29.065Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122628"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42209",
"datePublished": "2025-07-17T19:24:29.065Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-07-17T20:04:32.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42208 (GCVE-0-2024-42208)
Vulnerability from cvelistv5 – Published: 2025-04-04 05:22 – Updated: 2025-04-04 14:17
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:17:21.056700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:17:34.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2025-04-04T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T05:23:46.057Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120347"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42208",
"datePublished": "2025-04-04T05:22:59.531Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-04-04T14:17:34.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42188 (GCVE-0-2024-42188)
Vulnerability from cvelistv5 – Published: 2024-11-14 15:31 – Updated: 2024-11-14 15:53
VLAI?
Title
HCL Connections is vulnerable to a broken access control vulnerability
Summary
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
Credits
Christoph Stöttner of Vegard IT GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:51:28.102549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:53:55.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph St\u00f6ttner of Vegard IT GmbH"
}
],
"datePublic": "2024-11-14T15:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios."
}
],
"value": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:31:58.223Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117387"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to a broken access control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42188",
"datePublished": "2024-11-14T15:31:58.223Z",
"dateReserved": "2024-07-29T21:32:08.371Z",
"dateUpdated": "2024-11-14T15:53:55.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30106 (GCVE-0-2024-30106)
Vulnerability from cvelistv5 – Published: 2024-10-28 21:35 – Updated: 2024-10-29 13:30
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:30:10.899261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:30:26.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-10-28T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:35:22.044Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116967"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30106",
"datePublished": "2024-10-28T21:35:22.044Z",
"dateReserved": "2024-03-22T23:57:21.323Z",
"dateUpdated": "2024-10-29T13:30:26.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30118 (GCVE-0-2024-30118)
Vulnerability from cvelistv5 – Published: 2024-10-09 20:03 – Updated: 2024-10-09 20:40
VLAI?
Title
HCL Connections is susceptible to a sensitive information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:40:36.525690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:40:52.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-10-09T19:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:03:30.245Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0114302"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is susceptible to a sensitive information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30118",
"datePublished": "2024-10-09T20:03:30.245Z",
"dateReserved": "2024-03-22T23:57:22.506Z",
"dateUpdated": "2024-10-09T20:40:52.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30112 (GCVE-0-2024-30112)
Vulnerability from cvelistv5 – Published: 2024-06-25 21:28 – Updated: 2024-10-30 17:32
VLAI?
Title
HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability
Summary
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
Credits
Christoph Stöttner of Vegard IT GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T14:02:23.451759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T17:32:31.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph St\u00f6ttner of Vegard IT GmbH"
}
],
"datePublic": "2024-06-25T21:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user\u0027s account then launch other attacks.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user\u0027s account then launch other attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:28:23.078Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30112",
"datePublished": "2024-06-25T21:28:23.078Z",
"dateReserved": "2024-03-22T23:57:21.324Z",
"dateUpdated": "2024-10-30T17:32:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37541 (GCVE-0-2023-37541)
Vulnerability from cvelistv5 – Published: 2024-06-25 15:08 – Updated: 2025-02-25 23:12
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7, 8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T16:46:52.266688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T19:12:21.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7, 8"
}
]
}
],
"datePublic": "2025-02-25T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T23:12:11.673Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0119435"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37541",
"datePublished": "2024-06-25T15:08:03.168Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-02-25T23:12:11.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30107 (GCVE-0-2024-30107)
Vulnerability from cvelistv5 – Published: 2024-04-18 20:12 – Updated: 2024-08-02 01:25
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connections",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connections",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T16:46:55.660490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:25.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-04-18T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T20:12:52.286Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30107",
"datePublished": "2024-04-18T20:12:52.286Z",
"dateReserved": "2024-03-22T23:57:21.323Z",
"dateUpdated": "2024-08-02T01:25:02.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52639 (GCVE-0-2025-52639)
Vulnerability from nvd – Published: 2025-11-18 18:58 – Updated: 2025-11-18 20:21
VLAI?
Title
HCL Connections is vulnerable to sensitive information disclosure
Summary
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
Severity ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:21:30.503478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:21:35.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2025-11-18T18:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:58:06.174Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124241"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to sensitive information disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-52639",
"datePublished": "2025-11-18T18:58:06.174Z",
"dateReserved": "2025-06-18T14:00:43.106Z",
"dateUpdated": "2025-11-18T20:21:35.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31961 (GCVE-0-2025-31961)
Vulnerability from nvd – Published: 2025-08-15 04:29 – Updated: 2025-08-15 16:34
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T16:34:41.966080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T16:34:50.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2025-08-15T04:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T04:29:59.295Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123268"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31961",
"datePublished": "2025-08-15T04:29:59.295Z",
"dateReserved": "2025-04-01T18:46:23.151Z",
"dateUpdated": "2025-08-15T16:34:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42209 (GCVE-0-2024-42209)
Vulnerability from nvd – Published: 2025-07-17 19:24 – Updated: 2025-07-17 20:04
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:04:25.093996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:04:32.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2025-07-17T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:24:29.065Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122628"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42209",
"datePublished": "2025-07-17T19:24:29.065Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-07-17T20:04:32.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42208 (GCVE-0-2024-42208)
Vulnerability from nvd – Published: 2025-04-04 05:22 – Updated: 2025-04-04 14:17
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:17:21.056700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:17:34.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2025-04-04T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T05:23:46.057Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120347"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42208",
"datePublished": "2025-04-04T05:22:59.531Z",
"dateReserved": "2024-07-29T21:32:16.370Z",
"dateUpdated": "2025-04-04T14:17:34.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42188 (GCVE-0-2024-42188)
Vulnerability from nvd – Published: 2024-11-14 15:31 – Updated: 2024-11-14 15:53
VLAI?
Title
HCL Connections is vulnerable to a broken access control vulnerability
Summary
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
Credits
Christoph Stöttner of Vegard IT GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:51:28.102549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:53:55.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph St\u00f6ttner of Vegard IT GmbH"
}
],
"datePublic": "2024-11-14T15:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios."
}
],
"value": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:31:58.223Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117387"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to a broken access control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42188",
"datePublished": "2024-11-14T15:31:58.223Z",
"dateReserved": "2024-07-29T21:32:08.371Z",
"dateUpdated": "2024-11-14T15:53:55.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30106 (GCVE-0-2024-30106)
Vulnerability from nvd – Published: 2024-10-28 21:35 – Updated: 2024-10-29 13:30
VLAI?
Title
HCL Connections is vulnerable to an information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:30:10.899261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:30:26.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-10-28T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:35:22.044Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116967"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30106",
"datePublished": "2024-10-28T21:35:22.044Z",
"dateReserved": "2024-03-22T23:57:21.323Z",
"dateUpdated": "2024-10-29T13:30:26.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30118 (GCVE-0-2024-30118)
Vulnerability from nvd – Published: 2024-10-09 20:03 – Updated: 2024-10-09 20:40
VLAI?
Title
HCL Connections is susceptible to a sensitive information disclosure vulnerability
Summary
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:40:36.525690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:40:52.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-10-09T19:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
}
],
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:03:30.245Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0114302"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is susceptible to a sensitive information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30118",
"datePublished": "2024-10-09T20:03:30.245Z",
"dateReserved": "2024-03-22T23:57:22.506Z",
"dateUpdated": "2024-10-09T20:40:52.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30112 (GCVE-0-2024-30112)
Vulnerability from nvd – Published: 2024-06-25 21:28 – Updated: 2024-10-30 17:32
VLAI?
Title
HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability
Summary
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
Credits
Christoph Stöttner of Vegard IT GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T14:02:23.451759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T17:32:31.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph St\u00f6ttner of Vegard IT GmbH"
}
],
"datePublic": "2024-06-25T21:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user\u0027s account then launch other attacks.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user\u0027s account then launch other attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:28:23.078Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114148"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30112",
"datePublished": "2024-06-25T21:28:23.078Z",
"dateReserved": "2024-03-22T23:57:21.324Z",
"dateUpdated": "2024-10-30T17:32:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37541 (GCVE-0-2023-37541)
Vulnerability from nvd – Published: 2024-06-25 15:08 – Updated: 2025-02-25 23:12
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7, 8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T16:46:52.266688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T19:12:21.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7, 8"
}
]
}
],
"datePublic": "2025-02-25T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T23:12:11.673Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0119435"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37541",
"datePublished": "2024-06-25T15:08:03.168Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-02-25T23:12:11.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30107 (GCVE-0-2024-30107)
Vulnerability from nvd – Published: 2024-04-18 20:12 – Updated: 2024-08-02 01:25
VLAI?
Title
HCL Connections is vulnerable to broken access control
Summary
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Connections |
Affected:
7.0, 8.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connections",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connections",
"vendor": "hcltech",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T16:46:55.660490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:25.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connections",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0"
}
]
}
],
"datePublic": "2024-04-18T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T20:12:52.286Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112489"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Connections is vulnerable to broken access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30107",
"datePublished": "2024-04-18T20:12:52.286Z",
"dateReserved": "2024-03-22T23:57:21.323Z",
"dateUpdated": "2024-08-02T01:25:02.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}