Description
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application
Published: 2026-06-02
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that the vulnerable component could potentially allow an attacker to exploit weaknesses present in that component, though the specific impact is not disclosed.

Affected Systems

This vulnerability exists in all HCL iReflection web applications that include the affected third‑party code. No specific product versions are listed, so the risk applies to every installation that has not upgraded the component.

Risk and Exploitability

The CVSS score of 3.1 indicates low overall severity, and no EPSS score is available, so the exploitation likelihood cannot be quantified at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is normal user interactions or malicious input that invokes the vulnerable component. Based on the description, it is uncertain whether the vulnerable third‑party code processes sensitive data or provides elevated privileges, so the potential impact remains unclear.

Generated by OpenCVE AI on June 3, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Consult the HCL support article linked in the advisory to identify the specific third‑party component versions that require patching.
  • Apply the vendor’s latest patch or upgrade the third‑party component to a version that contains all security fixes.
  • Use automated dependency scanning tools to detect and remediate vulnerable components in future deployments.

Generated by OpenCVE AI on June 3, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
CWE-79

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl ireflection
Weaknesses CWE-1395
CWE-285
CWE-79
Vendors & Products Hcl
Hcl ireflection
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description HCL iReflection Third party vulnerable and outdated components issue was detected in the web application
Title HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Hcl Ireflection
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-02T18:24:59.927Z

Reserved: 2024-07-29T21:32:11.088Z

Link: CVE-2024-42206

cve-icon Vulnrichment

Updated: 2026-06-02T18:23:38.765Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T17:16:22.877

Modified: 2026-06-02T17:35:24.027

Link: CVE-2024-42206

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T13:00:13Z

Weaknesses
  • CWE-1395

    Dependency on Vulnerable Third-Party Component