22 matches found
CVE-2019-4209
CVE-2019-4209 affects HCL Connections v5.5, v6.0, and v6.5 with an open redirect vulnerability. The connected documents confirm the issue enables phishing-like scenarios but do not provide technical details on the vulnerable component, root cause, affected submodules, or available remediations. N...
CVE-2020-4083
CVE-2020-4083 affects HCL Connections 6.5, where information could be disclosed via trace logs to a local user. The connected documents provide the vulnerability description and CVSS metrics (CVSSv3.1 base score 5.5, MEDIUM; LOCAL access; high confidentiality impact) but do not include remediatio...
CVE-2020-4082
CVE-2020-4082 concerns the HCL Connections 5.5 help system, where improper validation of user-supplied input enables cross-site scripting. A remote attacker can craft a URL that, when clicked, runs script in the victim’s browser within the hosting site’s security context and can steal cookie-base...
CVE-2024-23557
Summary: CVE-2024-23557 affects HCL Connections (versions 7.0–8.0). The vulnerability is user enumeration, where certain actions reveal whether a given username exists, enabling brute-force style attacks. What’s affected: HCL Connections core platform; specific versions 7.0–8.0 are cited in conne...
CVE-2020-4084
CVE-2020-4084 affects HCL Connections v5.5, v6.0, and v6.5, where a cross-site scripting (XSS) vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The connected documents provide the ...
CVE-2023-37533
CVE-2023-37533 affects HCL Connections and is described in connected sources as a reflected cross-site scripting (XSS) vulnerability. The issue allows an attacker to cause the browser to execute arbitrary scripts by visiting a crafted URL, with the potential to steal cookie-based authentication c...
CVE-2024-30106
CVE-2024-30106 affects HCL Connections and is caused by an IBM WebSphere Application Server error that improperly handles request data, enabling information disclosure of sensitive information. The NVD entry lists a CVSS v3.1 base score of 4.3 (MEDIUM) with Network attack vector, low privileges r...
CVE-2024-30107
Technical details about CVE-2024-30107 are not publicly provided in the supplied documents. No explicit affected versions, root cause, or fixes are disclosed here. Monitor for updates from the vendor and security feeds.
CVE-2024-42188
CVE-2024-42188 affects HCL Connections and describes a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Public technical details in connected documents include: affected product (HCL Connections) and the vulnerability class (broken acces...
CVE-2020-4085
CVE-2020-4085 affects HCL Connections (reported in CNVD-2020-33350 for versions 6.5, 6.0 and 5.5) and is described as an information-disclosure vulnerability where sensitive data could be exposed via stack traces to a local user. The NVD entry corroborates information leakage with CVSS metrics (v...
CVE-2024-42208
Technical details about CVE-2024-42208 are not publicly available in the provided documents; monitor for updates.
CVE-2024-30118
CVE-2024-30118 affects HCL Connections and involves an information disclosure vulnerability caused by improper handling of request data. The available sources (NVD/NVD-derived) indicate a HIGH confidentiality impact with a LOW attack complexity and network vector, but no specific vulnerable versi...
CVE-2023-37541
CVE-2023-37541 corresponds to a broken access-control issue in HCL Connections that may let an unauthorized user update data in certain scenarios. Supported by multiple sources in the connected documents, the vulnerability is described as an access-control weakness without details on exploited ve...
CVE-2024-30112
CVE-2024-30112 concerns HCL Connections and describes a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary script code in a user’s browser, which could enable theft of cookie-based authentication credentials and compromise of the user’s account, potentiall...
CVE-2023-28017
CVE-2023-28017 concerns HCL Connections and describes a cross-site scripting vulnerability: an attacker can lure a user to a vulnerable URL and execute arbitrary script in the user’s browser, potentially stealing cookie-based authentication credentials and compromising the user’s account. The NVD...
CVE-2023-28018
CVE-2023-28018 affects HCL Connections. The connected sources describe a denial of service caused by improper validation on certain requests, which could be triggered by specially crafted inputs and impact affected users. The NVD entry lists a network-accessible vector with low complexity and hig...
CVE-2023-28022
CVE-2023-28022 affects HCL Connections and is described as an information-disclosure vulnerability caused by improper handling of request data. The NVD entry assigns CVSS v3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required: Low, User interaction: No...
CVE-2024-42209
CVE-2024-42209 affects HCL Connections and describes an information-disclosure vulnerability caused by improper handling of request data. The available documents identify the vulnerability class (information disclosure) and the affected product but do not provide explicit version ranges or a conf...
CVE-2025-31961
Technical details about CVE-2025-31961 are not publicly available in the provided documents. Monitor for updates; no confirmed affected products/versions, exploit details, or fixes are disclosed here.
CVE-2025-52639
CVE-2025-52639 affects HCL Connections, where a vulnerability allows sensitive information disclosure due to improper rendering of application data. The description across sources consistently references a confidentiality impact but does not provide specific affected versions or a published remed...
CVE-2025-52603
CVE-2025-52603 affects HCL Connections. The issue allows information disclosure in a very specific user navigation scenario where a single piece of internal metadata is returned in the browser. The impact is limited information exposure (low confidentiality impact per CVSS 3.1). The description d...
CVE-2026-21788
CVE-2026-21788 describes a cross-site scripting (XSS) vulnerability in HCL Connections. The issue allows an attacker to execute arbitrary script in a victim’s browser, potentially leading to cookie-based authentication credential theft and user account compromise, with the impact described as lim...