Hcltech Connections
22 CVEs affecting Hcltech Connections. Latest disclosed: 2026-03-19. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4085 | Medium | 6.5 | 2020-04-22 | HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user. |
| CVE-2019-4209 | Medium | 6.1 | 2020-05-01 | HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. |
| CVE-2023-28018 | Medium | 5.5 | 2024-02-12 | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could ex… |
| CVE-2020-4083 | Medium | 5.5 | 2020-03-05 | HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. |
| CVE-2026-21788 | Medium | 5.4 | 2026-03-19 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an… |
| CVE-2024-30112 | Medium | 5.4 | 2024-06-25 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an… |
| CVE-2023-28017 | Medium | 5.4 | 2023-12-07 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an… |
| CVE-2023-37533 | Medium | 5.4 | 2023-11-09 | HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the brows… |
| CVE-2020-4084 | Medium | 5.4 | 2020-03-09 | HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… |
| CVE-2020-4082 | Medium | 5.4 | 2020-03-05 | The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploi… |
| CVE-2025-31961 | Low | 3.7 | 2025-08-15 | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. |
| CVE-2024-42188 | Low | 3.7 | 2024-11-14 | HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. |
| CVE-2025-52603 | Low | 3.5 | 2026-02-20 | HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information wh… |
| CVE-2025-52639 | Low | 3.5 | 2025-11-18 | HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitle… |
| CVE-2024-42209 | Low | 3.5 | 2025-07-17 | HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, whic… |
| CVE-2024-42208 | Low | 3.5 | 2025-04-04 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, cau… |
| CVE-2024-30106 | Low | 3.5 | 2024-10-28 | HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain… |
| CVE-2024-30118 | Low | 3.5 | 2024-10-09 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to beca… |
| CVE-2023-37541 | Low | 3.5 | 2024-06-25 | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. |
| CVE-2024-30107 | Low | 3.5 | 2024-04-18 | HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. |