Description
HCL iControl was affected by a Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Published: 2026-06-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a Weak Input Validation flaw in HCL iControl. The implementation expects input of a particular type but does not perform adequate validation or performs incorrect validation, thereby allowing malicious input to be accepted or misinterpreted. Because the flaw is associated with CWE-209, it may permit an attacker to expose sensitive data that should not be publicly visible.

Affected Systems

The affected vendor is HCL and the affected product is iControl. No specific product versions are indicated in the advisory, so any installation of HCL iControl that contains the affected component could be vulnerable. The impact applies to systems that expose the vulnerable interface to potential attackers, which could include network-accessible or locally administered devices.

Risk and Exploitability

The CVSS base score is 4.3, suggesting a low impact. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog, which indicates there are no known public exploits. The attack vector cannot be determined precisely from the description, but the nature of input validation issues typically requires either local or authenticated network access to the vulnerable component. In the absence of a known exploit, the risk remains low, and administrators should verify the presence of a patch or mitigate via other controls.

Generated by OpenCVE AI on June 4, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the HCL iControl product to the latest version that addresses the input validation issue.
  • Implement additional input validation on any interfaces that accept user‑supplied data to ensure strict type checking and rejection of malformed input.
  • Restrict network access to the iControl management interface using firewalls or ACLs, limiting exposure to trusted hosts.



Advisories

No advisories yet.

History

Thu, 04 Jun 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hcltech; Hcltech icontrol |
| CPEs | | cpe:2.3:a:hcltech:icontrol:4.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Hcltech; Hcltech icontrol |

Thu, 04 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 04 Jun 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
| Title | | HCL iControl was affected by Weak Input Validation vulnerability. . |
| Weaknesses | | CWE-209 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-04T13:08:41.096Z

Reserved: 2025-06-18T14:00:38.417Z

Link: CVE-2025-52606

Vulnrichment

Updated: 2026-06-04T13:08:37.080Z

NVD

Status: Analyzed

Published: 2026-06-04T12:16:23.580

Modified: 2026-06-04T18:38:56.230

Link: CVE-2025-52606

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:08:13Z

Weaknesses
  • CWE-209: Generation of Error Message Containing Sensitive Information