GCVE - cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*

part: a version: 8.0 update: *

Vendor	Hcltech (`be2dce80-cb79-5854-9fe6-9b4a1139ec3e`)
Product	Connections (`1126ee82-bd12-5061-93ca-4bbcd048ce44`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-30118`	vulnerable	2026-06-03 14:55:37.328339	HCL Connections is susceptible to a sensitive information disclosure vulnerability LOW (3.5) HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. Published: 2024-10-09T20:03:30.245Z Updated: 2024-10-09T20:40:52.397Z Open on db.gcve.eu Reference links https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-30107`	vulnerable	2026-06-03 14:55:37.310933	HCL Connections is vulnerable to broken access control LOW (3.5) HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. Published: 2024-04-18T20:12:52.286Z Updated: 2024-08-02T01:25:02.977Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112489	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-30106`	vulnerable	2026-06-03 14:55:37.310464	HCL Connections is vulnerable to an information disclosure vulnerability LOW (3.5) HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. Published: 2024-10-28T21:35:22.044Z Updated: 2024-10-29T13:30:26.441Z Open on db.gcve.eu Reference links https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-37533`	vulnerable	2026-06-03 14:52:29.126650	HCL Connections is vulnerable to reflected cross-site scripting MEDIUM (5.4) HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks. Published: 2023-11-08T23:17:18.712Z Updated: 2024-09-03T19:06:34.349Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108434	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28022`	vulnerable	2026-06-03 14:51:03.325449	HCL Connections is vulnerable to sensitive information disclosure LOW (3.5) HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Published: 2023-12-15T22:42:38.039Z Updated: 2024-12-02T14:24:19.501Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108433	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28018`	vulnerable	2026-06-03 14:51:03.318295	HCL Connections s vulnerable to possible denial of service for certain users MEDIUM (5.5) HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. Published: 2024-02-12T22:46:34.492Z Updated: 2025-03-13T14:39:57.544Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108430	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28017`	vulnerable	2026-06-03 14:51:03.317628	HCL Connections is vulnerable to cross-site scripting MEDIUM (5.4) HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks. Published: 2023-12-07T04:25:37.731Z Updated: 2024-12-02T14:48:44.331Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.