CVE-2025-15619
HCL Connections is vulnerable to broken access control
In short
HCL Connections has a flaw that could let an unauthorized person view certain data in a specific situation. This means access controls aren't working properly in that case.
Technical detail
A broken access control vulnerability exists in HCL Connections (CWE-284) where insufficient authorization checks allow an unauthenticated or low-privileged user to access restricted data in a narrow attack scenario. The vulnerability requires specific preconditions and has limited scope, affecting confidentiality of data in that particular context.
Summary generated and translated by AI from the official description.
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected products
HCLSoftware · ConnectionsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →