CVE-2025-62340

LOW 3.1

HCL iControl was affected by Inadequate Session Timeout vulnerability

CVSS Score

3.1

EPSS Score

0.0%

EPSS Percentile

0th

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

CWE	CWE-613
Vendor	hcl software
Product	icontrol
Published	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for hcl software icontrol

Be the first to know when new low vulnerabilities affecting hcl software icontrol are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

HCL Software / iControl

v4.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.hcl-software.com: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131511