8.8

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HcltechDigital Experience Version9.5 Update-
HcltechDigital Experience Version9.5 Updatecf17
HcltechDigital Experience Version9.5 Updatecf171
HcltechDigital Experience Version9.5 Updatecf172
HcltechDigital Experience Version9.5 Updatecf173
HcltechDigital Experience Version9.5 Updatecf18
HcltechDigital Experience Version9.5 Updatecf181
HcltechDigital Experience Version9.5 Updatecf182
HcltechDigital Experience Version9.5 Updatecf183
HcltechDigital Experience Version9.5 Updatecf184
HcltechDigital Experience Version9.5 Updatecf19
HcltechDigital Experience Version9.5 Updatecf191
HcltechDigital Experience Version9.5 Updatecf192
HcltechDigital Experience Version9.5 Updatecf193
HcltechDigital Experience Version9.5 Updatecf194
HcltechDigital Experience Version9.5 Updatecf195
HcltechDigital Experience Version9.5 Updatecf196
HcltechDigital Experience Version9.5 Updatecf197
HcltechDigital Experience Version9.5 Updatecf198
HcltechDigital Experience Version9.5 Updatecf199
HcltechDigital Experience Version9.5 Updatecf200
HcltechDigital Experience Version9.5 Updatecf201
HcltechDigital Experience Version9.5 Updatecf202
HcltechDigital Experience Version9.5 Updatecf203
HcltechDigital Experience Version9.5 Updatecf204
HcltechDigital Experience Version9.5 Updatecf205
HcltechDigital Experience Version9.5 Updatecf206
HcltechDigital Experience Version9.5 Updatecf207
HcltechDigital Experience Version9.5 Updatecf208
HcltechDigital Experience Version9.5 Updatecf209
HcltechDigital Experience Version9.5 Updatecf210
HcltechDigital Experience Version9.5 Updatecf211
HcltechDigital Experience Version9.5 Updatecf212
HcltechDigital Experience Version9.5 Updatecf213
HcltechDigital Experience Version9.5 Updatecf214
HcltechDigital Experience Version9.5 Updatecf215
HcltechDigital Experience Version9.5 Updatecf216
HcltechDigital Experience Version9.5 Updatecf217
HcltechDigital Experience Version9.5 Updatecf218
HcltechDigital Experience Version9.5 Updatecf219
HcltechDigital Experience Version9.5 Updatecf220
HcltechDigital Experience Version9.5 Updatecf221
HcltechDigital Experience Version9.5 Updatecf222
HcltechDigital Experience Version9.5 Updatecf223
HcltechDigital Experience Version9.5 Updatecf224
HcltechDigital Experience Version9.5 Updatecf225
HcltechDigital Experience Version9.5 Updatecf226
HcltechDigital Experience Version9.5 Updatecf227
HcltechDigital Experience Version9.5 Updatecf228
HcltechDigital Experience Version9.5 Updatecf229
HcltechDigital Experience Version9.5 Updatecf230
HcltechDigital Experience Version9.5 Updatecf231
HcltechDigital Experience Version9.5 Updatecf232
HcltechDigital Experience Version9.5 Updatecf233
HcltechDigital Experience Version9.5 Updatecf234
HcltechDigital Experience Compose Version9.5 Update-
HcltechDigital Experience Compose Version9.5 Updatecf224
HcltechDigital Experience Compose Version9.5 Updatecf225
HcltechDigital Experience Compose Version9.5 Updatecf226
HcltechDigital Experience Compose Version9.5 Updatecf227
HcltechDigital Experience Compose Version9.5 Updatecf228
HcltechDigital Experience Compose Version9.5 Updatecf229
HcltechDigital Experience Compose Version9.5 Updatecf230
HcltechDigital Experience Compose Version9.5 Updatecf231
HcltechDigital Experience Compose Version9.5 Updatecf232
HcltechDigital Experience Compose Version9.5 Updatecf233
HcltechDigital Experience Compose Version9.5 Updatecf234
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.92% 0.556
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@hcl.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849
Vendor Advisory