Information Disclosure Vulnerability in HCL Connections by HCL Software
CVE-2024-42208

3.5LOW

Key Information:

Vendor
HCL Software Software
Status
HCL Software Connections
Vendor
CVE Published:
4 April 2025

Summary

HCL Connections is affected by an information disclosure vulnerability that enables unauthorized users to access sensitive data due to improper management of request data. This flaw underscores the importance of robust data protection measures within the software to prevent exploitation. It is critical for organizations utilizing HCL Connections to review their instances and apply necessary updates or patches to bolster their security postures and mitigate potential risks associated with this vulnerability.

Affected Version(s)

HCL Connections 7.0, 8.0

References

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.