CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31961 – HCL Connections is vulnerable to broken access control
https://notcve.org/view.php?id=CVE-2025-31961
15 Aug 2025 — HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123268 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31987 – HCL Connections Docs is vulnerable to a Denial of Service (DoS) attack
https://notcve.org/view.php?id=CVE-2025-31987
14 Aug 2025 — HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123272 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42209 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42209
17 Jul 2025 — HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122628 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42208 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42208
04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. HCL Connections es vulnerable a una vulnerabilidad de divulgación de información que podría permitir que un usuario obtenga información confidencial a la que no tiene derecho, debido a una gestión inadecuada de los datos solicitados. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23563 – HCL Connections Docs is vulnerable to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23563
12 Feb 2025 — HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42188 – HCL Connections is vulnerable to a broken access control vulnerability
https://notcve.org/view.php?id=CVE-2024-42188
14 Nov 2024 — HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117387 • CWE-276: Incorrect Default Permissions •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30106 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30106
28 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30118 – HCL Connections is susceptible to a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30118
09 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37541 – HCL Connections is vulnerable to broken access control
https://notcve.org/view.php?id=CVE-2023-37541
25 Jun 2024 — HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114156 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
08 Jun 2024 — HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. HCL Connections Docs es vulnerable a un ataque de Cross-Site Scripting donde un atacante puede aprovechar este problema para ejecutar código arbitrario. Esto puede provocar la divulgación de credenciales y posiblemente lanzar ataques adicionales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •