Description
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.
Published: 2026-06-23
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL Connections contains a broken access control flaw (CWE-284) that can enable an unauthorized user to view data in a single specific scenario. Additionally, the vulnerability may involve insecure data handling (CWE-319). The vulnerability does not grant code execution or wide‑scale system compromise, but it can lead to confidentiality breaches if a non‑privileged user accesses sensitive information.

Affected Systems

The affected product is HCL Software Connections. No version or patch information is provided, so administrators should verify the current deployment against vendor advisories and confirm whether the configuration falls into the single vulnerable scenario described.

Risk and Exploitability

The CVSS score of 3.5 classifies this issue as low severity. An EPSS score is not available, and it is not listed in the CISA KEV catalog, indicating there are no known widespread or active exploits. Based on the description, it is inferred that exploitation likely requires a specific path within the application; it does not appear to be an arbitrary remote vulnerability. As such, the risk is limited but non‑zero for systems that match the vulnerable scenario.

Generated by OpenCVE AI on June 24, 2026 at 11:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review and tighten role‑based access controls so that only users with the appropriate privileges can view sensitive data within HCL Connections.
  • Disable or limit any functionality that exposes data in the identified vulnerable scenario, ensuring that all endpoints enforce proper authorization checks.
  • Apply any vendor‑supplied patch or update that addresses the broken access control flaw as soon as it becomes available.

Generated by OpenCVE AI on June 24, 2026 at 11:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech connections
Vendors & Products Hcltech
Hcltech connections

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.
Title HCL Connections is vulnerable to broken access control
Weaknesses CWE-284
CWE-319
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}


Subscriptions

Hcltech Connections
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-23T15:46:52.076Z

Reserved: 2026-04-01T15:59:36.219Z

Link: CVE-2025-15619

cve-icon Vulnrichment

Updated: 2026-06-23T15:46:48.332Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:59Z

Weaknesses
  • CWE-284

    Improper Access Control

  • CWE-319

    Cleartext Transmission of Sensitive Information