Lucene search

[email protected]CVE-2023-37533

HistoryNov 09, 2023 - 12:15 a.m.

CVE-2023-37533

2023-11-0900:15:07

CWE-79

[email protected]

web.nvd.nist.gov

hcl connections

reflected xss

security

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user’s account then launch other attacks.

Affected configurations

NVD

Node

hcltechconnectionsMatch8.0

CPENameOperatorVersion
hcltech:connectionshcltech connectionseq8.0

CPE	Name	Operator	Version
hcltech:connections	hcltech connections	eq	8.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Connections",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108434

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-37533

prion1 nvd1 cvelist1