HCL Connections is vulnerable to sensitive information disclosure
CVE-2023-28022

3.5LOW

Key Information:

Vendor: Hcl Software
Status: Hcl Connections
Vendor: CVE Published:; 15 December 2023

Summary

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

Affected Version(s)

HCL Connections 6.0, 6.5, 7.0, 8.0

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Mar 10, 2023