Vulnerabilites related to hcltech - intelliops_event_management
Vulnerability from fkie_nvd
Published
2025-07-25 01:15
Modified
2025-10-09 19:55
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | intelliops_event_management | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:intelliops_event_management:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF519A2-D7B5-459C-89C0-EFB0DDEF7168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL IEM is affected by a concurrent login vulnerability.\u00a0 The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks."
},
{
"lang": "es",
"value": "HCL IEM se ve afectado por una vulnerabilidad de inicio de sesi\u00f3n simult\u00e1neo. La aplicaci\u00f3n permite m\u00faltiples sesiones simult\u00e1neas con las mismas credenciales de usuario, lo que puede suponer riesgos de seguridad."
}
],
"id": "CVE-2025-0251",
"lastModified": "2025-10-09T19:55:49.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-25T01:15:44.613",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-25 01:15
Modified
2025-10-09 19:55
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | intelliops_event_management | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:intelliops_event_management:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF519A2-D7B5-459C-89C0-EFB0DDEF7168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL IEM is affected by a password in cleartext vulnerability.\u00a0 Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit."
},
{
"lang": "es",
"value": "HCL IEM se ve afectado por una vulnerabilidad de contrase\u00f1a en texto plano. La informaci\u00f3n confidencial se transmite sin la protecci\u00f3n adecuada, lo que podr\u00eda exponerla a accesos no autorizados durante su transmisi\u00f3n."
}
],
"id": "CVE-2025-0252",
"lastModified": "2025-10-09T19:55:25.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-25T01:15:45.210",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-25 00:15
Modified
2025-10-09 19:55
Severity ?
3.3 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without authorization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | intelliops_event_management | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:intelliops_event_management:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF519A2-D7B5-459C-89C0-EFB0DDEF7168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.\u00a0 A token was not invalidated which may allow attackers to access sensitive data without authorization."
},
{
"lang": "es",
"value": "HCL IEM se ve afectado por una vulnerabilidad de invalidaci\u00f3n de acceso indebida o de token JWT. Un token no fue invalidado, lo que podr\u00eda permitir a atacantes acceder a datos confidenciales sin autorizaci\u00f3n."
}
],
"id": "CVE-2025-0249",
"lastModified": "2025-10-09T19:55:41.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-25T00:15:24.627",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-25 00:15
Modified
2025-10-09 19:55
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | intelliops_event_management | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:intelliops_event_management:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF519A2-D7B5-459C-89C0-EFB0DDEF7168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL IEM is affected by an authorization token sent in cookie vulnerability.\u00a0 A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks."
},
{
"lang": "es",
"value": "HCL IEM se ve afectado por un token de autorizaci\u00f3n enviado en una vulnerabilidad de cookies. Un token utilizado para autenticaci\u00f3n y autorizaci\u00f3n se gestiona de una manera que puede aumentar su exposici\u00f3n a riesgos de seguridad."
}
],
"id": "CVE-2025-0250",
"lastModified": "2025-10-09T19:55:34.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-25T00:15:24.810",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-25 01:15
Modified
2025-10-09 19:49
Severity ?
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Summary
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | intelliops_event_management | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:intelliops_event_management:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF519A2-D7B5-459C-89C0-EFB0DDEF7168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities."
},
{
"lang": "es",
"value": "HCL IEM se ve afectado por una vulnerabilidad de atributo de cookie no configurado debido a la inconsistencia de ciertas configuraciones relacionadas con la seguridad, lo que podr\u00eda aumentar la exposici\u00f3n a posibles vulnerabilidades."
}
],
"id": "CVE-2025-0253",
"lastModified": "2025-10-09T19:49:08.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-25T01:15:45.363",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
CVE-2025-0251 (GCVE-0-2025-0251)
Vulnerability from cvelistv5
Published
2025-07-25 00:06
Modified
2025-07-25 13:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - Session Fixation
Summary
HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | IEM |
Version: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:20:06.213346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:20:11.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by a concurrent login vulnerability.\u0026nbsp; The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks."
}
],
"value": "HCL IEM is affected by a concurrent login vulnerability.\u00a0 The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:20:54.150Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by a concurrent login vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0251",
"datePublished": "2025-07-25T00:06:08.416Z",
"dateReserved": "2025-01-06T16:00:26.083Z",
"dateUpdated": "2025-07-25T13:20:11.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0249 (GCVE-0-2025-0249)
Vulnerability from cvelistv5
Published
2025-07-24 23:19
Modified
2025-07-25 13:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without authorization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | IEM |
Version: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:28:18.569064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:28:25.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.\u0026nbsp; A token was not invalidated which may allow attackers to access sensitive data without authorization."
}
],
"value": "HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.\u00a0 A token was not invalidated which may allow attackers to access sensitive data without authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:37:41.426Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by an improper invalidation of access or JWT token vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0249",
"datePublished": "2025-07-24T23:19:20.328Z",
"dateReserved": "2025-01-06T16:00:15.888Z",
"dateUpdated": "2025-07-25T13:28:25.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0252 (GCVE-0-2025-0252)
Vulnerability from cvelistv5
Published
2025-07-25 00:08
Modified
2025-07-25 13:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | IEM |
Version: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:18:50.215903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:19:00.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by a password in cleartext vulnerability.\u0026nbsp; Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit."
}
],
"value": "HCL IEM is affected by a password in cleartext vulnerability.\u00a0 Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:19:29.552Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by a password in cleartext vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0252",
"datePublished": "2025-07-25T00:08:13.901Z",
"dateReserved": "2025-01-06T16:00:27.548Z",
"dateUpdated": "2025-07-25T13:19:00.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0253 (GCVE-0-2025-0253)
Vulnerability from cvelistv5
Published
2025-07-25 00:16
Modified
2025-07-25 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - Session Fixation
Summary
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | IEM |
Version: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:18:25.012399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:18:29.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.\u003cbr\u003e"
}
],
"value": "HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:16:19.560Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL IEM is affected by a cookie attribute not set vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0253",
"datePublished": "2025-07-25T00:16:19.560Z",
"dateReserved": "2025-01-06T16:00:28.871Z",
"dateUpdated": "2025-07-25T13:18:29.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0250 (GCVE-0-2025-0250)
Vulnerability from cvelistv5
Published
2025-07-24 23:28
Modified
2025-07-25 13:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122368 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | IEM |
Version: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:27:53.816295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:28:04.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by an authorization token sent in cookie vulnerability.\u0026nbsp; A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks."
}
],
"value": "HCL IEM is affected by an authorization token sent in cookie vulnerability.\u00a0 A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:36:16.177Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by an authorization token sent in cookie vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0250",
"datePublished": "2025-07-24T23:28:00.736Z",
"dateReserved": "2025-01-06T16:00:24.479Z",
"dateUpdated": "2025-07-25T13:28:04.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}