Skip to main content

Connections

60 CVEs product

Monthly

CVE-2025-15619 LOW Monitor

HCL Connections exposes a broken access control flaw that permits a low-privileged, authenticated user to view data they should not be authorized to access, but only under one specific scenario. Classified under CWE-284 (Improper Access Control), the vulnerability requires network access, low privileges, and user interaction, limiting its real-world exploitation surface considerably. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS score of 3.5 reflects a genuinely low-severity finding.

Authentication Bypass Connections
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2026-21789 MEDIUM This Month

Broken access control in HCL Connections exposes an integrity risk where an authenticated low-privileged user can update data outside their intended authorization scope under specific conditions. The CVSS vector (AV:N/AC:L/PR:L/UI:R) confirms the attack is network-reachable, requires only low-privilege credentials, and involves some form of user interaction. No public exploit code has been identified and HCL Connections is not listed in the CISA KEV catalog, placing this in a moderate-priority remediation tier for most organizations, though environments where data integrity in Connections is business-critical should treat it with elevated urgency.

Authentication Bypass Connections
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-21788 MEDIUM This Month

HCL Connections contains a reflected or stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious JavaScript into the application, which executes in the browsers of other users who interact with the crafted payload. An attacker with valid credentials can steal session cookies and authentication tokens, potentially compromising victim accounts and enabling further attacks such as lateral movement or data exfiltration. The vulnerability requires user interaction and authentication to exploit, resulting in a CVSS score of 5.4 (Medium severity), though the impact is cross-site scope.

XSS Connections
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52603 LOW Monitor

Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-52639 LOW Monitor

HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-31961 LOW Monitor

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Connections
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2024-42208 LOW Monitor

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-42188 MEDIUM This Month

HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connections
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-30106 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-30118 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-30112 MEDIUM This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-30107 MEDIUM This Month

HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Connections
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-23557 MEDIUM This Month

HCL Connections contains a user enumeration vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-28022 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-28017 MEDIUM PATCH This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37533 MEDIUM This Month

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-27746 MEDIUM This Month

"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4085 MEDIUM This Month

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4084 MEDIUM PATCH This Month

HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4083 MEDIUM POC This Month

HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4082 MEDIUM POC This Month

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4403 MEDIUM This Month

IBM Connections 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-1896 MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection IBM Connections
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1935 MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1791 MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2017-1613 MEDIUM This Month

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Information Disclosure Connections
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-1498 MEDIUM This Month

IBM Connections 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5932 MEDIUM This Month

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-0310 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-0308 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Connections
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0307 MEDIUM PATCH This Month

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0305 MEDIUM PATCH This Month

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2955 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3009 LOW Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Connections
NVD
CVSS 3.0
3.5
EPSS
0.0%
CVE-2016-3004 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-3002 LOW Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
2.1
EPSS
0.1%
CVE-2016-2958 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2957 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2953 LOW PATCH Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Connections
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-3007 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3006 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3003 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3001 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3000 MEDIUM PATCH This Month

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Connections
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2016-2999 MEDIUM PATCH This Month

IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3010 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3008 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3005 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2998 LOW PATCH Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
3.5
EPSS
0.0%
CVE-2016-2997 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2995 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2956 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2954 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0322 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5038 HIGH This Week

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Connections
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-5037 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Connections
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2015-5036 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5035 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-0929 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Connections
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2013-0569 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Connections
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 3.5
LOW Monitor

HCL Connections exposes a broken access control flaw that permits a low-privileged, authenticated user to view data they should not be authorized to access, but only under one specific scenario. Classified under CWE-284 (Improper Access Control), the vulnerability requires network access, low privileges, and user interaction, limiting its real-world exploitation surface considerably. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS score of 3.5 reflects a genuinely low-severity finding.

Authentication Bypass Connections
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Broken access control in HCL Connections exposes an integrity risk where an authenticated low-privileged user can update data outside their intended authorization scope under specific conditions. The CVSS vector (AV:N/AC:L/PR:L/UI:R) confirms the attack is network-reachable, requires only low-privilege credentials, and involves some form of user interaction. No public exploit code has been identified and HCL Connections is not listed in the CISA KEV catalog, placing this in a moderate-priority remediation tier for most organizations, though environments where data integrity in Connections is business-critical should treat it with elevated urgency.

Authentication Bypass Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

HCL Connections contains a reflected or stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious JavaScript into the application, which executes in the browsers of other users who interact with the crafted payload. An attacker with valid credentials can steal session cookies and authentication tokens, potentially compromising victim accounts and enabling further attacks such as lateral movement or data exfiltration. The vulnerability requires user interaction and authentication to exploit, resulting in a CVSS score of 5.4 (Medium severity), though the impact is cross-site scope.

XSS Connections
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).

Information Disclosure Connections
NVD
EPSS 0% CVSS 3.5
LOW Monitor

HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 0% CVSS 3.7
LOW Monitor

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Connections
NVD
EPSS 0% CVSS 3.5
LOW Monitor

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HCL Connections contains a user enumeration vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connections
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connections
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Connections 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection IBM Connections
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Connections 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Connections
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
EPSS 0% CVSS 2.1
LOW Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM CSRF Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Connections
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Connections
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Connections
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy