CVE-2020-4083 : HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via

HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.

Published 2020-03-05 19:15:12

Updated 2020-03-06 15:00:10

Source HCL Software

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-4083

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-532 Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Assigned by: nvd@nist.gov (Primary)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075503

Security Bulletin: HCL Connections Security Update (CVE-2020-4083) - HCL KB0075503
Exploit;Patch;Vendor Advisory

Hcltech » Connections » Version: 6.5
cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*
Matching versions