Every CVE whose affected-product data names Hcltech Connections, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2020-4085 — CVSS 6.5 (medium): "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."
CVE-2019-4209 — CVSS 6.1 (medium): HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing…
CVE-2020-4083 — CVSS 5.5 (medium): HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a…
CVE-2023-28018 — CVSS 5.5 (medium): HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request…
CVE-2023-37533 — CVSS 5.4 (medium): HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary…
CVE-2026-21788 — CVSS 5.4 (medium): HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code…
CVE-2020-4082 — CVSS 5.4 (medium): The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote…
CVE-2020-4084 — CVSS 5.4 (medium): HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-28017 — CVSS 5.4 (medium): HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code…
CVE-2024-30112 — CVSS 5.4 (medium): HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code…
CVE-2025-31961 — CVSS 3.7 (low): HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVE-2024-42188 — CVSS 3.7 (low): HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain…
CVE-2024-30107 — CVSS 3.5 (low): HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain…
CVE-2023-28022 — CVSS 3.5 (low): HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are…
CVE-2024-30118 — CVSS 3.5 (low): HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are…
CVE-2024-42208 — CVSS 3.5 (low): HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are…
CVE-2024-42209 — CVSS 3.5 (low): HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are…
CVE-2025-52603 — CVSS 3.5 (low): HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain…
CVE-2025-52639 — CVSS 3.5 (low): HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information…
CVE-2024-23557 — CVSS 3.5 (low): HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or…
CVE-2023-37541 — CVSS 3.5 (low): HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVE-2024-30106 — CVSS 3.5 (low): HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could…