Description
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077954
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (3)
hcltech/connections
5.5
hcltech/connections
6.0
hcltech/connections
6.5
Published
May 01, 2020
Tracked Since
Feb 18, 2026