Filtered by vendor Hcltech
Subscriptions
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42447 | 1 Hcltech | 1 Hcl Compass | 2025-02-19 | 9.6 Critical |
| HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | ||||
| CVE-2023-37536 | 4 Apache, Fedoraproject, Hcltech and 1 more | 4 Xerces-c\+\+, Fedora, Bigfix Platform and 1 more | 2025-02-13 | 8.2 High |
| An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | ||||
| CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2025-01-30 | 7.1 High |
| HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2025-01-30 | 6.5 Medium |
| HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-30129 | 1 Hcltech | 1 Hcl Nomad | 2024-12-06 | 5.3 Medium |
| The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. | ||||
| CVE-2023-23343 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 2.4 Low |
| A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | ||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 7 High |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | ||||
| CVE-2023-28016 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 3.1 Low |
| Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | ||||
| CVE-2023-28017 | 1 Hcltech | 1 Connections | 2024-12-02 | 5.4 Medium |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | ||||
| CVE-2023-28022 | 1 Hcltech | 1 Connections | 2024-12-02 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2024-30122 | 1 Hcltech | 1 Sametime | 2024-11-25 | 5.8 Medium |
| HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | ||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2024-11-21 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | ||||
| CVE-2024-23588 | 1 Hcltech | 1 Nomad Server On Domino | 2024-11-21 | 5.3 Medium |
| HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | ||||
| CVE-2024-23562 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.3 Medium |
| A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | ||||
| CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5.9 Medium |
| SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | ||||
| CVE-2023-45698 | 1 Hcltech | 1 Sametime Chat And Meetings | 2024-11-21 | 4.8 Medium |
| Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | ||||
| CVE-2023-37539 | 1 Hcltech | 1 Domino | 2024-11-21 | 8.4 High |
| The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. | ||||
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 9.3 Critical |
| HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | ||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-11-21 | 7.8 High |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | ||||
| CVE-2023-37533 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.4 Medium |
| HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | ||||