製品・ソフトウェアに関する情報

JVN脆弱性詳細

HCL Technologies Limitedのdigital experience等の複数製品におけるOS コマンドインジェクションの脆弱性

タイトル	HCL Technologies Limitedのdigital experience等の複数製品におけるOS コマンドインジェクションの脆弱性
概要	HCL Digital Experienceには、Digital Asset Management APIにOSコマンドインジェクションの脆弱性があります。この脆弱性により、攻撃者は任意のオペレーティングシステムコマンドを実行できます。通常、この攻撃は脆弱なアプリケーションの権限を引き継ぐため、システム全体の乗っ取りやデータの漏洩につながる可能性があります。
想定される影響	・当該ソフトウェアが扱う全ての情報が外部に漏れる可能性があります。・当該ソフトウェアが扱う全ての情報が書き換えられる可能性があります。・当該ソフトウェアが完全に停止する可能性があります。
対策	ベンダ情報を参照して適切な対策を実施してください。
公表日	2026年6月5日0:00
登録日	2026年6月11日16:14
最終更新日	2026年6月11日16:14

CVSS3.0 : 重要
スコア	8.8
ベクター	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

影響を受けるシステム

HCL Technologies Limited

digital experience 9.5

Digital Experience Compose 9.5

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-21837	https://www.cve.org/CVERecord?id=CVE-2026-21837
National Vulnerability Database (NVD)
2	CVE-2026-21837	https://nvd.nist.gov/vuln/detail/CVE-2026-21837

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-78	https://jvndb.jvn.jp/ja/cwe/CWE-78.html

ベンダー情報

No	名前	URL
Security Bulletin
1	Security Bulletin: HCL Digital Experience and Digital Experience Compose may be affected by multiple vulnerabilities	https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849

変更履歴

No	変更内容	変更日
1	[2026年06月11日] 掲載	2026年6月11日16:14

NVD脆弱性情報

CVE-2026-21837

概要	HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
公表日	2026年6月5日16:16
登録日	2026年6月6日4:17
最終更新日	2026年6月11日4:25

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:hcltech:digital_experience:9.5:-::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf17::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf171::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf172::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf173::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf18::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf181::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf182::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf183::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf184::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf19::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf191::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf192::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf193::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf194::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf195::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf196::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf197::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf198::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf199::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf200::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf201::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf202::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf203::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf204::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf205::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf206::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf207::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf208::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf209::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf210::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf211::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf212::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf213::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf214::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf215::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf216::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf217::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf218::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf219::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf220::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf221::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf222::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf223::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf224::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf225::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf226::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf227::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf228::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf229::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf230::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf231::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf232::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf233::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf234::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:-::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234::::::

構成1	以上	以下	より上	未満
cpe:2.3:a:hcltech:digital_experience:9.5:-::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf17::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf171::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf172::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf173::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf18::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf181::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf182::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf183::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf184::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf19::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf191::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf192::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf193::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf194::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf195::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf196::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf197::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf198::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf199::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf200::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf201::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf202::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf203::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf204::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf205::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf206::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf207::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf208::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf209::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf210::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf211::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf212::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf213::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf214::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf215::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf216::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf217::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf218::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf219::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf220::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf221::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf222::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf223::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf224::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf225::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf226::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf227::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf228::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf229::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf230::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf231::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf232::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf233::::::
cpe:2.3:a:hcltech:digital_experience:9.5:cf234::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:-::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233::::::
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234::::::