Information Leakage in HCL Connections by HCL Technologies
CVE-2020-4085

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: "hcl Connections"
Vendor: CVE Published:; 22 April 2020

Summary

HCL Connections is exposed to a potential information leakage vulnerability that may allow an unauthorized local user to access sensitive information. This could happen through stack traces that are improperly exposed, leading to unintended disclosure of confidential data. Organizations utilizing HCL Connections should take precautionary measures to secure their systems and ensure that stack traces do not reveal critical information.

Affected Version(s)

"HCL Connections" "5.5, 6.0, 6.5"

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2020
Vulnerability Reserved
Dec 30, 2019