Skip to main content

Connections CVE-2024-30118

MEDIUM
Information Exposure (CWE-200)
2024-10-09 psirt@hcl.com
5.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 09, 2024 - 20:15 nvd
MEDIUM 5.7

DescriptionNVD

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.

AnalysisAI

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. Affected products include: Hcltech Connections.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2020-4083 MEDIUM POC
5.5 Mar 05

HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability

CVE-2020-4082 MEDIUM POC
5.4 Mar 05

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplie

CVE-2016-3007 HIGH
8.8 Sep 26

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before C

CVE-2015-5038 HIGH
7.5 Jan 03

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recu

CVE-2016-2999 MEDIUM
6.5 Sep 26

IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sens

CVE-2024-30107 MEDIUM
6.5 Apr 18

HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized use

CVE-2023-28022 MEDIUM
6.5 Dec 15

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive in

CVE-2020-4085 MEDIUM
6.5 Apr 22

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace

CVE-2023-37533 MEDIUM
6.1 Nov 09

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to exe

CVE-2014-0929 MEDIUM
6.0 Jun 08

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows

CVE-2016-5932 MEDIUM
5.4 Mar 01

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vul

CVE-2016-0310 MEDIUM
5.4 Feb 08

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to th

Share

CVE-2024-30118 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy