Information Disclosure Vulnerability in HCL Connections by HCL Software
CVE-2024-42208

3.5LOW

Key Information:

Vendor: HCL Software Software
Status: HCL Software Connections
Vendor: CVE Published:; 4 April 2025

Summary

HCL Connections is affected by an information disclosure vulnerability that enables unauthorized users to access sensitive data due to improper management of request data. This flaw underscores the importance of robust data protection measures within the software to prevent exploitation. It is critical for organizations utilizing HCL Connections to review their instances and apply necessary updates or patches to bolster their security postures and mitigate potential risks associated with this vulnerability.

Affected Version(s)

HCL Connections 7.0, 8.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Jul 29, 2024