Filtered by vendor Hcltech
Total: 175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38658 | 2 Hcltech, Microsoft | 2 Bigfix Server Automation, Windows | 2023-11-07 | N/A | 7.5 HIGH |
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | |||||
CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2023-11-07 | N/A | 5.4 MEDIUM |
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | |||||
CVE-2022-38655 | 1 Hcltech | 1 Bigfix Webui | 2023-11-07 | N/A | 5.8 MEDIUM |
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | |||||
CVE-2022-38654 | 1 Hcltech | 1 Domino | 2023-11-07 | N/A | 5.5 MEDIUM |
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. | |||||
CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2023-11-07 | N/A | 5.4 MEDIUM |
In HCL Digital Experience, a customized XSS payload can be constructed such that it is served in the application unencoded. | |||||
CVE-2021-27788 | 1 Hcltech | 1 Verse | 2023-11-07 | N/A | 6.1 MEDIUM |
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2023-11-07 | N/A | 7.5 HIGH |
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||||
CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2023-10-30 | N/A | 4.3 MEDIUM |
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | |||||
CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 8.8 HIGH |
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
CVE-2023-37504 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 6.5 MEDIUM |
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user. | |||||
CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 9.8 CRITICAL |
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||||
CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2023-10-24 | N/A | 7.8 HIGH |
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2023-10-23 | N/A | 4.4 MEDIUM |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | |||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2023-10-23 | N/A | 8.2 HIGH |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||||
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2023-10-23 | N/A | 5.3 MEDIUM |
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | |||||
CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2023-10-18 | N/A | 6.1 MEDIUM |
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||||
CVE-2023-28010 | 1 Hcltech | 1 Domino | 2023-09-12 | N/A | 5.3 MEDIUM |
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | |||||
CVE-2023-37511 | 1 Hcltech | 1 Traveler To Do | 2023-08-17 | N/A | 4.3 MEDIUM |
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | |||||
CVE-2023-37513 | 1 Hcltech | 1 Traveler To Do | 2023-08-17 | N/A | 5.5 MEDIUM |
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | |||||
CVE-2023-37512 | 1 Hcltech | 1 Traveler Companion | 2023-08-17 | N/A | 5.5 MEDIUM |
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. |