Lucene search
+L
HcltechConnections

22 matches found

CVE
CVE
added 2020/05/01 4:10 p.m.109 views

CVE-2019-4209

CVE-2019-4209 affects HCL Connections v5.5, v6.0, and v6.5 with an open redirect vulnerability. The connected documents confirm the issue enables phishing-like scenarios but do not provide technical details on the vulnerable component, root cause, affected submodules, or available remediations. N...

6.1CVSS6.2AI score0.00642EPSS
CVE
CVE
added 2020/03/05 6:39 p.m.88 views

CVE-2020-4083

CVE-2020-4083 affects HCL Connections 6.5, where information could be disclosed via trace logs to a local user. The connected documents provide the vulnerability description and CVSS metrics (CVSSv3.1 base score 5.5, MEDIUM; LOCAL access; high confidentiality impact) but do not include remediatio...

5.5CVSS5.2AI score0.00349EPSS
CVE
CVE
added 2020/03/05 6:45 p.m.83 views

CVE-2020-4082

CVE-2020-4082 concerns the HCL Connections 5.5 help system, where improper validation of user-supplied input enables cross-site scripting. A remote attacker can craft a URL that, when clicked, runs script in the victim’s browser within the hosting site’s security context and can steal cookie-base...

5.4CVSS5.6AI score0.0066EPSS
CVE
CVE
added 2024/04/18 6:21 p.m.72 views

CVE-2024-23557

Summary: CVE-2024-23557 affects HCL Connections (versions 7.0–8.0). The vulnerability is user enumeration, where certain actions reveal whether a given username exists, enabling brute-force style attacks. What’s affected: HCL Connections core platform; specific versions 7.0–8.0 are cited in conne...

4.3CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2020/03/09 4:42 p.m.68 views

CVE-2020-4084

CVE-2020-4084 affects HCL Connections v5.5, v6.0, and v6.5, where a cross-site scripting (XSS) vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The connected documents provide the ...

5.4CVSS5.3AI score0.00521EPSS
CVE
CVE
added 2023/11/08 11:17 p.m.67 views

CVE-2023-37533

CVE-2023-37533 affects HCL Connections and is described in connected sources as a reflected cross-site scripting (XSS) vulnerability. The issue allows an attacker to cause the browser to execute arbitrary scripts by visiting a crafted URL, with the potential to steal cookie-based authentication c...

6.1CVSS5.8AI score0.00419EPSS
CVE
CVE
added 2024/10/28 9:35 p.m.59 views

CVE-2024-30106

CVE-2024-30106 affects HCL Connections and is caused by an IBM WebSphere Application Server error that improperly handles request data, enabling information disclosure of sensitive information. The NVD entry lists a CVSS v3.1 base score of 4.3 (MEDIUM) with Network attack vector, low privileges r...

4.3CVSS3.7AI score0.00261EPSS
CVE
CVE
added 2024/11/14 3:31 p.m.59 views

CVE-2024-42188

CVE-2024-42188 affects HCL Connections and describes a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Public technical details in connected documents include: affected product (HCL Connections) and the vulnerability class (broken acces...

4.6CVSS4.1AI score0.0017EPSS
CVE
CVE
added 2024/04/18 8:12 p.m.57 views

CVE-2024-30107

Technical details about CVE-2024-30107 are not publicly provided in the supplied documents. No explicit affected versions, root cause, or fixes are disclosed here. Monitor for updates from the vendor and security feeds.

6.5CVSS6.3AI score0.00329EPSS
CVE
CVE
added 2020/04/22 2:53 p.m.55 views

CVE-2020-4085

CVE-2020-4085 affects HCL Connections (reported in CNVD-2020-33350 for versions 6.5, 6.0 and 5.5) and is described as an information-disclosure vulnerability where sensitive data could be exposed via stack traces to a local user. The NVD entry corroborates information leakage with CVSS metrics (v...

6.5CVSS6.1AI score0.00816EPSS
CVE
CVE
added 2025/04/04 5:22 a.m.54 views

CVE-2024-42208

Technical details about CVE-2024-42208 are not publicly available in the provided documents; monitor for updates.

3.5CVSS6.4AI score0.0025EPSS
CVE
CVE
added 2024/10/09 8:3 p.m.51 views

CVE-2024-30118

CVE-2024-30118 affects HCL Connections and involves an information disclosure vulnerability caused by improper handling of request data. The available sources (NVD/NVD-derived) indicate a HIGH confidentiality impact with a LOW attack complexity and network vector, but no specific vulnerable versi...

5.7CVSS3.8AI score0.00292EPSS
CVE
CVE
added 2024/06/25 3:8 p.m.50 views

CVE-2023-37541

CVE-2023-37541 corresponds to a broken access-control issue in HCL Connections that may let an unauthorized user update data in certain scenarios. Supported by multiple sources in the connected documents, the vulnerability is described as an access-control weakness without details on exploited ve...

4.3CVSS3.9AI score0.00329EPSS
CVE
CVE
added 2024/06/25 9:28 p.m.49 views

CVE-2024-30112

CVE-2024-30112 concerns HCL Connections and describes a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary script code in a user’s browser, which could enable theft of cookie-based authentication credentials and compromise of the user’s account, potentiall...

5.4CVSS5.7AI score0.00256EPSS
CVE
CVE
added 2023/12/07 4:25 a.m.48 views

CVE-2023-28017

CVE-2023-28017 concerns HCL Connections and describes a cross-site scripting vulnerability: an attacker can lure a user to a vulnerable URL and execute arbitrary script in the user’s browser, potentially stealing cookie-based authentication credentials and compromising the user’s account. The NVD...

5.4CVSS5.7AI score0.00414EPSS
CVE
CVE
added 2024/02/12 10:46 p.m.47 views

CVE-2023-28018

CVE-2023-28018 affects HCL Connections. The connected sources describe a denial of service caused by improper validation on certain requests, which could be triggered by specially crafted inputs and impact affected users. The NVD entry lists a network-accessible vector with low complexity and hig...

6.5CVSS5.5AI score0.00318EPSS
CVE
CVE
added 2023/12/15 10:42 p.m.43 views

CVE-2023-28022

CVE-2023-28022 affects HCL Connections and is described as an information-disclosure vulnerability caused by improper handling of request data. The NVD entry assigns CVSS v3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required: Low, User interaction: No...

6.5CVSS4.4AI score0.00502EPSS
CVE
CVE
added 2025/07/17 7:24 p.m.23 views

CVE-2024-42209

CVE-2024-42209 affects HCL Connections and describes an information-disclosure vulnerability caused by improper handling of request data. The available documents identify the vulnerability class (information disclosure) and the affected product but do not provide explicit version ranges or a conf...

3.5CVSS6.1AI score0.00197EPSS
CVE
CVE
added 2025/08/15 4:29 a.m.22 views

CVE-2025-31961

Technical details about CVE-2025-31961 are not publicly available in the provided documents. Monitor for updates; no confirmed affected products/versions, exploit details, or fixes are disclosed here.

4.6CVSS7AI score0.0015EPSS
CVE
CVE
added 2025/11/18 6:58 p.m.16 views

CVE-2025-52639

CVE-2025-52639 affects HCL Connections, where a vulnerability allows sensitive information disclosure due to improper rendering of application data. The description across sources consistently references a confidentiality impact but does not provide specific affected versions or a published remed...

6.5CVSS5.7AI score0.00209EPSS
CVE
CVE
added 2026/02/20 3:29 p.m.15 views

CVE-2025-52603

CVE-2025-52603 affects HCL Connections. The issue allows information disclosure in a very specific user navigation scenario where a single piece of internal metadata is returned in the browser. The impact is limited information exposure (low confidentiality impact per CVSS 3.1). The description d...

3.5CVSS5.5AI score0.00255EPSS
CVE
CVE
added 2026/03/19 8:44 a.m.12 views

CVE-2026-21788

CVE-2026-21788 describes a cross-site scripting (XSS) vulnerability in HCL Connections. The issue allows an attacker to execute arbitrary script in a victim’s browser, potentially leading to cookie-based authentication credential theft and user account compromise, with the impact described as lim...

5.4CVSS5.8AI score0.00164EPSS