HIGH🇬🇧 English

CVE-2026-21837

CVSS 8.7v4.0pub. 2026-06-05upd. 2026-06-10

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Hcltech Digital Experience

    APP
    Hcltech
    9.5
  • Hcltech Digital Experience Compose

    APP
    Hcltech
    9.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-37538CRITICAL9.3ten sam produkt

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...

CVE-2020-14255HIGH7.5ten sam produkt

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized...

CVE-2026-21826MEDIUM6.1ten sam produkt

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An a...

CVE-2026-21825MEDIUM6.1ten sam produkt

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the sear...

CVE-2025-62326MEDIUM6.1ten sam produkt

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interfac...

CVE-2026-21837 — HIGH 8.7 | CVEbaza.pl