Broken Access Control Vulnerability in HCL Connections Could Allow Unauthorized Data Updates
CVE-2023-37541

3.5LOW

Key Information:

Vendor: Hcl Software
Status: Connections
Vendor: CVE Published:; 25 June 2024

Summary

HCL Connections features a vulnerability related to broken access control that can be exploited in specific scenarios. This imperfection allows unauthorized users to potentially update crucial data, resulting in a risk of data integrity breaches. Users of HCL Connections are advised to review their configurations and ensure appropriate access controls are in place to mitigate any risks associated with this vulnerability.

Affected Version(s)

Connections 7.0, 8.0

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jul 6, 2023