CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4209
https://notcve.org/view.php?id=CVE-2019-4209
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. HCL Connections versiones v5.5, v6.0 y v6.5, contienen una vulnerabilidad de redireccionamiento abierto que podría ser explotada por parte de un atacante para realizar ataques de phishing. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077954 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4085
https://notcve.org/view.php?id=CVE-2020-4085
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." "HCL Connections es vulnerable a un posible filtrado de información y podría divulgar información confidencial por medio de un rastreo de la pila en un usuario local". • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077976 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4084
https://notcve.org/view.php?id=CVE-2020-4084
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. HCL Connections versiones v5.5, v6.0 y v6.5, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0076649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1896
https://notcve.org/view.php?id=CVE-2018-1896
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. IBM Connections 5.0, 5.5 y 6.0 es vulnerable a un posible ataque de inyección de cabeceras del host que podría provocar la navegación hasta el dominio del atacante. IBM X-Force ID: 152456. • http://www.securityfocus.com/bid/106197 https://exchange.xforce.ibmcloud.com/vulnerabilities/152456 https://www.ibm.com/support/docview.wss?uid=ibm10742567 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1935
https://notcve.org/view.php?id=CVE-2018-1935
IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315. IBM Connections 5.0, 5.5 y 6.0 podría permitir que un usuario autenticado obtenga información sensible de mensajes de error de petición inválidos. IBM X-Force ID: 153315. • http://www.securityfocus.com/bid/106134 https://exchange.xforce.ibmcloud.com/vulnerabilities/153315 https://www.ibm.com/support/docview.wss?uid=ibm10742575 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •