Server Side Request Forgery Vulnerability in HCL Digital Experience
CVE-2020-4101

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 11 June 2020

Summary

HCL Digital Experience has a vulnerability that allows for Server Side Request Forgery (SSRF), potentially allowing an attacker to send crafted requests from the server to internal or external resources. This can lead to unauthorized access to sensitive data or services, exploiting the trust relationship between the server and those resources.

Affected Version(s)

HCL Digital Experience: 8.5, 9.0, 9.5

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
