HIGH🇵🇱 Wersja polska

CVE-2026-21837

CVSS 8.7v4.0pub. 2026-06-05upd. 2026-06-10

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Hcltech Digital Experience

    APP
    Hcltech
    9.5
  • Hcltech Digital Experience Compose

    APP
    Hcltech
    9.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-37538CRITICAL9.3ten sam produkt

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...

CVE-2020-14255HIGH7.5ten sam produkt

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized...

CVE-2026-21826MEDIUM6.1ten sam produkt

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An a...

CVE-2026-21825MEDIUM6.1ten sam produkt

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the sear...

CVE-2025-62326MEDIUM6.1ten sam produkt

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interfac...