4.6
CVE-2025-31961
- EPSS 0.05%
- Veröffentlicht 15.08.2025 04:29:59
- Zuletzt bearbeitet 10.10.2025 16:59:36
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Connections Version8.0 Update-
Hcltech ≫ Connections Version8.0 Updatecumulative_release1
Hcltech ≫ Connections Version8.0 Updatecumulative_release10
Hcltech ≫ Connections Version8.0 Updatecumulative_release2
Hcltech ≫ Connections Version8.0 Updatecumulative_release3
Hcltech ≫ Connections Version8.0 Updatecumulative_release4
Hcltech ≫ Connections Version8.0 Updatecumulative_release5
Hcltech ≫ Connections Version8.0 Updatecumulative_release6
Hcltech ≫ Connections Version8.0 Updatecumulative_release7
Hcltech ≫ Connections Version8.0 Updatecumulative_release8
Hcltech ≫ Connections Version8.0 Updatecumulative_release9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.15 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 2.1 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
|
| psirt@hcl.com | 3.7 | 1.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
|
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.