Description
HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the Keycloak component of the web application. Missing essential directives can leave a site vulnerable.
Published: 2026-06-04
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from an omission of required Content Security Policy directives in the Keycloak component of HCL Hive Telco Observability. According to CWE-1027, this failure can allow attackers to inject or execute arbitrary scripts in the context of the web application, potentially leading to cross-site scripting attacks, data theft or session hijacking. The impact is primarily on the confidentiality and integrity of user data, and injected script that can drive interactions within the user's session could let an attacker act on that user's behalf elsewhere in the application.

Affected Systems

Affected product: HCL Hive Telco Observability, specifically the Keycloak component. No version information is disclosed in the CVE report.

Risk and Exploitability

The CVSS score of 8.1 classifies the vulnerability as a high severity issue, indicating that exploitation could significantly weaken the system's security posture. EPSS data is not available, and the vulnerability is not catalogued in CISA KEV, suggesting it may not yet be widely exploited. The likely attack vector is the web interface: because the policy that should restrict script sources is incomplete, the browser would not block injected content, and malicious script could run remotely in the user's session.

Generated by OpenCVE AI on June 4, 2026 at 14:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update HCL Hive Telco Observability to the latest version that includes the missing CSP directives as referenced in the HCL support advisory
  • Verify that the web server is sending proper CSP headers such as "default-src", "script-src", and "style-src" for the keycloak endpoints
  • If an immediate update is not feasible, implement a temporary measure by configuring the application or reverse proxy to inject the required CSP directives to mitigate XSS exposure
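The second recommended action above is a check a practitioner can script rather than eyeball. The following is an added example, not code from OpenCVE, HCL or the Keycloak project: it parses a Content-Security-Policy header value, reports which of the required directives named above (default-src, script-src, style-src) are absent, and flags source lists that would make the policy ineffective even when the directive is present. The sample response headers are constructed for illustration; the "partial" one models a frame-only policy of the kind that satisfies none of the three required directives. The strict/non-strict distinction goes slightly beyond the page's wording: the CSP specification lets script-src and style-src fall back to default-src when they are omitted, so a non-strict check treats an explicit default-src as covering them.

```python
"""Check a Content-Security-Policy header for required directives.

Added example (not from the OpenCVE page, HCL or Keycloak). The required
directive set is the one named in the recommended actions; the sample
headers below are constructed and do not reproduce real product output.
"""
from typing import Dict, List

REQUIRED_DIRECTIVES = ("default-src", "script-src", "style-src")

# Fetch directives that the CSP spec resolves to default-src when absent.
FALLS_BACK_TO_DEFAULT = {"script-src", "style-src"}

# Source expressions that make a script/style policy effectively permissive.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*"}


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Parse "directive src src; directive src" into {directive: [sources]}.

    Per the CSP spec the first occurrence of a directive wins; later
    duplicates are ignored rather than merged.
    """
    policy: Dict[str, List[str]] = {}
    for token in header_value.split(";"):
        parts = token.strip().split()
        if not parts:
            continue
        name = parts[0].lower()
        if name in policy:
            continue  # duplicate directive: first occurrence wins
        policy[name] = parts[1:]
    return policy


def missing_directives(header_value: str, strict: bool = True) -> List[str]:
    """Return the required directives that the header does not supply.

    strict=True  : every required directive must appear explicitly.
    strict=False : script-src/style-src count as covered by default-src,
                   because the browser falls back to it for those fetches.
    """
    policy = parse_csp(header_value)
    missing = []
    for directive in REQUIRED_DIRECTIVES:
        if directive in policy:
            continue
        if not strict and directive in FALLS_BACK_TO_DEFAULT and "default-src" in policy:
            continue
        missing.append(directive)
    return missing


def weak_sources(header_value: str) -> Dict[str, List[str]]:
    """Flag required directives whose source list is effectively permissive."""
    policy = parse_csp(header_value)
    findings: Dict[str, List[str]] = {}
    for directive in REQUIRED_DIRECTIVES:
        weak = [s for s in policy.get(directive, []) if s.lower() in WEAK_SOURCES]
        if weak:
            findings[directive] = weak
    return findings


def check_headers(headers: Dict[str, str], strict: bool = True) -> dict:
    """Evaluate one response's headers (case-insensitive name lookup)."""
    csp = next((v for k, v in headers.items()
                if k.lower() == "content-security-policy"), None)
    if csp is None:
        return {"present": False, "missing": list(REQUIRED_DIRECTIVES), "weak": {}}
    return {"present": True,
            "missing": missing_directives(csp, strict=strict),
            "weak": weak_sources(csp)}


# Constructed sample responses (labelled; not captured from any product).
SAMPLE_RESPONSES = {
    "no_csp": {"Content-Type": "text/html"},
    "partial": {"Content-Security-Policy":
                "frame-src 'self'; frame-ancestors 'self'; object-src 'none'"},
    "complete": {"Content-Security-Policy":
                 "default-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'"},
    "weak": {"content-security-policy":
             "default-src *; script-src 'self' 'unsafe-inline'; style-src 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:9s} {check_headers(hdrs)}")
```

Point `check_headers` at the header dictionary returned by whatever HTTP client you already use against the Keycloak endpoints; a result with `present: False` or a non-empty `missing` list is the condition this CVE describes, while a non-empty `weak` map means the directive exists but would not stop inline script.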


Advisories

No advisories yet.

History

Thu, 04 Jun 2026 14:30:00 +0000

Type            Values Removed    Values Added
Metrics (ssvc)                    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 13:30:00 +0000

Type                Values Removed    Values Added
Description                           HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable.
Title                                 HCL Hive Telco Observability is affected by a Required directives missing from the CSP .
Weaknesses                            CWE-1027
References
Metrics (cvssV3_1)                    {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-04T13:55:31.635Z

Reserved: 2025-09-22T15:00:11.104Z

Link: CVE-2025-59874

Vulnrichment

Updated: 2026-06-04T13:55:27.283Z

NVD

Status: Awaiting Analysis

Published: 2026-06-04T14:16:35.180

Modified: 2026-06-04T15:25:53.963

Link: CVE-2025-59874

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T15:00:15Z

Weaknesses