CNNVD-202512-350 Information

CNNVD ID

CNNVD-202512-350

Related CVE

CVE-2025-63402

• CNNVD Published: 2025-12-03

Description (Chinese)

HCLTech DRAGON是美国HCL公司的一个数据保留 / 归档 / 大容量数据存储与检索解决方案。 HCLTech DRAGON 7.6.0之前版本存在安全漏洞，该漏洞源于API未强制执行请求数量或大小限制，可能导致远程执行任意代码。

Description (English)

HCLTech Dragon is a data retention/archive/ high-capacity data storage and retrieval solution for HCL. Prior to HCLTech Dragon 7.6.0, there was a security loophole, which stemmed from the number or size of non-enforcement requests by API, which could result in the remote implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HCL

Published

2025-12-03

Last Modified

2026-02-24

References

https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyVd/ckzaFpdm68dwd1nWqgtLfXHp3Pim_YwLUI4WcRB__Ng http://hcltech.com http://hcl.com https://access.redhat.com/security/cve/cve-2025-63402

Patch

https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyVd/ckzaFpdm68dwd1nWqgtLfXHp3Pim_YwLUI4WcRB__Ng