HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHcltech Digital Experience
APPHcltech9.5Hcltech Digital Experience Compose
APPHcltech9.5
Related vulnerabilities
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized...
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An a...
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the sear...
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interfac...