Filtered by vendor Hcltech
Subscribe
Total
177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-02-28 | N/A | 4.4 MEDIUM |
| Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | |||||
| CVE-2023-37496 | 1 Hcltech | 1 Verse | 2024-02-28 | N/A | 5.4 MEDIUM |
| HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-02-28 | N/A | 6.5 MEDIUM |
| A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | |||||
| CVE-2023-37500 | 1 Hcltech | 1 Unica | 2024-02-28 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-02-28 | N/A | 7.8 HIGH |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
| CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2024-02-28 | N/A | 8.8 HIGH |
| HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
| CVE-2023-37513 | 1 Hcltech | 1 Traveler To Do | 2024-02-28 | N/A | 5.5 MEDIUM |
| When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | |||||
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-02-28 | N/A | 8.8 HIGH |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | |||||
| CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-02-28 | N/A | 6.1 MEDIUM |
| HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2024-02-28 | N/A | 6.1 MEDIUM |
| HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||||
| CVE-2023-37504 | 1 Hcltech | 1 Hcl Compass | 2024-02-28 | N/A | 6.5 MEDIUM |
| HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user. | |||||
| CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-02-28 | N/A | 7.1 HIGH |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-02-28 | N/A | 6.1 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-02-28 | N/A | 5.3 MEDIUM |
| In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | |||||
| CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2024-02-28 | N/A | 4.3 MEDIUM |
| HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | |||||
| CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2024-02-28 | N/A | 7.5 HIGH |
| The BigFix WebUI uses weak cipher suites. | |||||
| CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-02-28 | N/A | 5.4 MEDIUM |
| HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | |||||
| CVE-2023-37497 | 1 Hcltech | 1 Unica | 2024-02-28 | N/A | 8.8 HIGH |
| The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | |||||
| CVE-2023-37498 | 1 Hcltech | 1 Unica | 2024-02-28 | N/A | 8.8 HIGH |
| A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | |||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-02-28 | N/A | 7.8 HIGH |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||