Sensitive Data Exposure in HCL Leap due to Missing Cache Control Headers
CVE-2023-37517

3.2LOW

Key Information:

Vendor: HCL Software Software
Status: HCL Software Domino Leap
Vendor: CVE Published:; 30 April 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2023-37517?

HCL Leap is affected by a vulnerability that allows sensitive data to be cached inappropriately due to missing 'no cache' headers. This oversight could lead to unauthorized access to confidential information, underscoring the importance of proper cache control mechanisms to safeguard sensitive data during transmission and storage. Organizations using HCL Leap must take immediate action to address this vulnerability to protect their data integrity and maintain compliance.

Affected Version(s)

HCL Domino Leap 1.0 - 1.0.5; 1.1 - 1.1.1

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Jul 6, 2023