Primary

Context

HCL Connections Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in HCL Connections versions 7.0 and 8.0. This issue arises in specific user navigation scenarios, where a user may unintentionally access limited internal metadata through their browser.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal metadata, allowing users to obtain limited information that should not be publicly available.

Remediation

Users of HCL Connections 8.0 should upgrade to Cumulative Fixpack HCL Connections v8.0 CR11 or later. Users of HCL Connections 7.0 should upgrade to the latest Cumulative Fixpack for HCL Connections v7.0 and install KB0124242.

Added: Feb 20, 2026, 5:30 PM

Updated: Feb 20, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

4.3

remediation

7.7

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

4.3

remediation

7.7

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Connections Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HCL Connections

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating