Impact
HCL Connections contains a broken access control flaw (CWE-284) that can enable an unauthorized user to view data in a single specific scenario. Additionally, the vulnerability may involve insecure data handling (CWE-319). The vulnerability does not grant code execution or wide‑scale system compromise, but it can lead to confidentiality breaches if a non‑privileged user accesses sensitive information.
Affected Systems
The affected product is HCL Software Connections. No version or patch information is provided, so administrators should verify the current deployment against vendor advisories and confirm whether the configuration falls into the single vulnerable scenario described.
Risk and Exploitability
The CVSS score of 3.5 classifies this issue as low severity. An EPSS score is not available, and it is not listed in the CISA KEV catalog, indicating there are no known widespread or active exploits. Based on the description, it is inferred that exploitation likely requires a specific path within the application; it does not appear to be an arbitrary remote vulnerability. As such, the risk is limited but non‑zero for systems that match the vulnerable scenario.
OpenCVE Enrichment