CVE-2024-42209
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-10-29
Assigner: HCL Software
Description
Description
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | connections | 7.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL Connections is an information disclosure issue caused by improper handling of request data, which could allow a user to access sensitive information they are not authorized to see.
How can this vulnerability impact me? :
The vulnerability could lead to unauthorized disclosure of sensitive information, potentially exposing confidential data to users who should not have access to it.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70