8.8
CVE-2026-21837
- EPSS 0.92%
- Veröffentlicht 05.06.2026 05:50:58
- Zuletzt bearbeitet 10.06.2026 19:25:09
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Digital Experience Version9.5 Update-
Hcltech ≫ Digital Experience Version9.5 Updatecf17
Hcltech ≫ Digital Experience Version9.5 Updatecf171
Hcltech ≫ Digital Experience Version9.5 Updatecf172
Hcltech ≫ Digital Experience Version9.5 Updatecf173
Hcltech ≫ Digital Experience Version9.5 Updatecf18
Hcltech ≫ Digital Experience Version9.5 Updatecf181
Hcltech ≫ Digital Experience Version9.5 Updatecf182
Hcltech ≫ Digital Experience Version9.5 Updatecf183
Hcltech ≫ Digital Experience Version9.5 Updatecf184
Hcltech ≫ Digital Experience Version9.5 Updatecf19
Hcltech ≫ Digital Experience Version9.5 Updatecf191
Hcltech ≫ Digital Experience Version9.5 Updatecf192
Hcltech ≫ Digital Experience Version9.5 Updatecf193
Hcltech ≫ Digital Experience Version9.5 Updatecf194
Hcltech ≫ Digital Experience Version9.5 Updatecf195
Hcltech ≫ Digital Experience Version9.5 Updatecf196
Hcltech ≫ Digital Experience Version9.5 Updatecf197
Hcltech ≫ Digital Experience Version9.5 Updatecf198
Hcltech ≫ Digital Experience Version9.5 Updatecf199
Hcltech ≫ Digital Experience Version9.5 Updatecf200
Hcltech ≫ Digital Experience Version9.5 Updatecf201
Hcltech ≫ Digital Experience Version9.5 Updatecf202
Hcltech ≫ Digital Experience Version9.5 Updatecf203
Hcltech ≫ Digital Experience Version9.5 Updatecf204
Hcltech ≫ Digital Experience Version9.5 Updatecf205
Hcltech ≫ Digital Experience Version9.5 Updatecf206
Hcltech ≫ Digital Experience Version9.5 Updatecf207
Hcltech ≫ Digital Experience Version9.5 Updatecf208
Hcltech ≫ Digital Experience Version9.5 Updatecf209
Hcltech ≫ Digital Experience Version9.5 Updatecf210
Hcltech ≫ Digital Experience Version9.5 Updatecf211
Hcltech ≫ Digital Experience Version9.5 Updatecf212
Hcltech ≫ Digital Experience Version9.5 Updatecf213
Hcltech ≫ Digital Experience Version9.5 Updatecf214
Hcltech ≫ Digital Experience Version9.5 Updatecf215
Hcltech ≫ Digital Experience Version9.5 Updatecf216
Hcltech ≫ Digital Experience Version9.5 Updatecf217
Hcltech ≫ Digital Experience Version9.5 Updatecf218
Hcltech ≫ Digital Experience Version9.5 Updatecf219
Hcltech ≫ Digital Experience Version9.5 Updatecf220
Hcltech ≫ Digital Experience Version9.5 Updatecf221
Hcltech ≫ Digital Experience Version9.5 Updatecf222
Hcltech ≫ Digital Experience Version9.5 Updatecf223
Hcltech ≫ Digital Experience Version9.5 Updatecf224
Hcltech ≫ Digital Experience Version9.5 Updatecf225
Hcltech ≫ Digital Experience Version9.5 Updatecf226
Hcltech ≫ Digital Experience Version9.5 Updatecf227
Hcltech ≫ Digital Experience Version9.5 Updatecf228
Hcltech ≫ Digital Experience Version9.5 Updatecf229
Hcltech ≫ Digital Experience Version9.5 Updatecf230
Hcltech ≫ Digital Experience Version9.5 Updatecf231
Hcltech ≫ Digital Experience Version9.5 Updatecf232
Hcltech ≫ Digital Experience Version9.5 Updatecf233
Hcltech ≫ Digital Experience Version9.5 Updatecf234
Hcltech ≫ Digital Experience Compose Version9.5 Update-
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf224
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf225
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf226
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf227
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf228
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf229
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf230
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf231
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf232
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf233
Hcltech ≫ Digital Experience Compose Version9.5 Updatecf234
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.556 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@hcl.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849