CVE-2022-38662 (GCVE-0-2022-38662)
Vulnerability from cvelistv5 – Published: 2022-12-15 20:36 – Updated: 2025-04-18 15:58
VLAI
EPSS
VEX
Title
HCL Digital Experience is susceptible to open redirects
Summary
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Digital Experience |
Affected:
8.5, 9.0, 9.5
|
Date Public
2022-12-15 19:22
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:57:59.091403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:58:02.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2022-12-15T19:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T10:00:14.221Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to open redirects",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-38662",
"datePublished": "2022-12-15T20:36:54.482Z",
"dateReserved": "2022-08-22T16:31:27.395Z",
"dateUpdated": "2025-04-18T15:58:02.771Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-38662",
"date": "2026-07-16",
"epss": "0.0036",
"percentile": "0.28204"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:hcl_digital_experience:8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98489DBF-99EF-4105-B126-DD4147B9D0C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:hcl_digital_experience:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"342DD11A-915C-4C31-904C-155467BB7102\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:hcl_digital_experience:9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D485439-A594-4C46-A28E-10B2D1E5E976\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\\n\"}, {\"lang\": \"es\", \"value\": \"En HCL Digital Experience, se pueden crear URL para redirigir a los usuarios a sitios que no son de confianza.\"}]",
"id": "CVE-2022-38662",
"lastModified": "2024-11-21T07:16:53.300",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
"published": "2022-12-19T11:15:10.397",
"references": "[{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\", \"source\": \"psirt@hcl.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-38662\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2022-12-19T11:15:10.397\",\"lastModified\":\"2026-06-17T04:56:57.723\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\\n\"},{\"lang\":\"es\",\"value\":\"En HCL Digital Experience, se pueden crear URL para redirigir a los usuarios a sitios que no son de confianza.\"}],\"affected\":[{\"source\":\"psirt@hcl.com\",\"affectedData\":[{\"vendor\":\"HCL Software\",\"product\":\"HCL Digital Experience\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"8.5, 9.0, 9.5\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-04-18T15:57:59.091403Z\",\"id\":\"CVE-2022-38662\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:hcl_digital_experience:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98489DBF-99EF-4105-B126-DD4147B9D0C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:hcl_digital_experience:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"342DD11A-915C-4C31-904C-155467BB7102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:hcl_digital_experience:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D485439-A594-4C46-A28E-10B2D1E5E976\"}]}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-29T01:18:43+00:00",
"cve": "CVE-2022-38662",
"id": "CVE-2022-38662",
"initial_release_date": "2022-12-15T19:22:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "HCL Digital Experience is susceptible to open redirects",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38662.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T11:02:14.304Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38662\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-18T15:57:59.091403Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-18T15:57:55.522Z\"}}], \"cna\": {\"title\": \"HCL Digital Experience is susceptible to open redirects\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"HCL Digital Experience\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5, 9.0, 9.5\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-12-15T19:22:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2022-12-19T10:00:14.221Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-38662\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-18T15:58:02.771Z\", \"dateReserved\": \"2022-08-22T16:31:27.395Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2022-12-15T20:36:54.482Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"HCL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…