CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23563 – HCL Connections Docs is vulnerable to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23563
12 Feb 2025 — HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42188 – HCL Connections is vulnerable to a broken access control vulnerability
https://notcve.org/view.php?id=CVE-2024-42188
14 Nov 2024 — HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117387 • CWE-276: Incorrect Default Permissions •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30106 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30106
28 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30118 – HCL Connections is susceptible to a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30118
09 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37541 – HCL Connections is vulnerable to broken access control
https://notcve.org/view.php?id=CVE-2023-37541
25 Jun 2024 — HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114156 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
08 Jun 2024 — HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. HCL Connections Docs es vulnerable a un ataque de Cross-Site Scripting donde un atacante puede aprovechar este problema para ejecutar código arbitrario. Esto puede provocar la divulgación de credenciales y posiblemente lanzar ataques adicionales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23557 – HCL Connections is vulnerable to a user enumeration vulnerability
https://notcve.org/view.php?id=CVE-2024-23557
18 Apr 2024 — HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. HCL Connections contiene una vulnerabilidad de enumeración de usuarios. Ciertas acciones podrían permitir a un atacante determinar si el usuario es válido o no, lo que daría lugar a un posible ataque de fuerza bruta. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112488 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •