Insufficient Default Configuration in HCL Leap Leads to Unauthorized Access
CVE-2023-45720
5.3 MEDIUM
Key Information:
- Vendor: HCL Software
- Product: HCL Software Leap
- CVE Published: 24 April 2025
Summary
The HCL Leap application is susceptible to unauthorized access due to insufficient default configuration, allowing anonymous users to access sensitive directory information. This vulnerability could lead to exposure of confidential data and increase the risk of further attacks. It is strongly advised that users review their configuration settings to mitigate this risk.
Affected Version(s)
HCL Leap < 9.3.5
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved