Filtered by vendor Hcltech
Subscribe
Total
177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50349 | 1 Hcltech | 1 Sametime | 2024-02-28 | N/A | 8.8 HIGH |
| Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | |||||
| CVE-2023-45722 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 9.8 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | |||||
| CVE-2023-50351 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 9.1 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | |||||
| CVE-2023-37533 | 1 Hcltech | 1 Connections | 2024-02-28 | N/A | 6.1 MEDIUM |
| HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | |||||
| CVE-2023-28022 | 1 Hcltech | 1 Connections | 2024-02-28 | N/A | 6.5 MEDIUM |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||||
| CVE-2023-45723 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 9.8 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. | |||||
| CVE-2024-23553 | 1 Hcltech | 1 Bigfix Platform | 2024-02-28 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | |||||
| CVE-2023-50348 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 5.3 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. | |||||
| CVE-2023-50346 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 4.3 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | |||||
| CVE-2023-37528 | 1 Hcltech | 1 Bigfix Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | |||||
| CVE-2023-37511 | 1 Hcltech | 1 Traveler To Do | 2024-02-28 | N/A | 4.3 MEDIUM |
| If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | |||||
| CVE-2023-37499 | 1 Hcltech | 1 Unica | 2024-02-28 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-37512 | 1 Hcltech | 1 Traveler Companion | 2024-02-28 | N/A | 5.5 MEDIUM |
| When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | |||||
| CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2024-02-28 | N/A | 7.1 HIGH |
| If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | |||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-02-28 | N/A | 7.1 HIGH |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-02-28 | N/A | 5.3 MEDIUM |
| BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | |||||
| CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-02-28 | N/A | 8.8 HIGH |
| HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | |||||
| CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-02-28 | N/A | 8.2 HIGH |
| BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||||
| CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2024-02-28 | N/A | 9.8 CRITICAL |
| HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||||
| CVE-2023-37501 | 1 Hcltech | 1 Unica | 2024-02-28 | N/A | 6.1 MEDIUM |
| A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. | |||||