Filtered by vendor Hcltech
Total: 213 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38658 | 2 Hcltech, Microsoft | 2 Bigfix Server Automation, Windows | 2025-04-15 | N/A | 7.5 HIGH |
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | |||||
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2025-04-02 | N/A | 7.5 HIGH |
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||||
CVE-2023-45705 | 1 Hcltech | 1 Bigfix Platform | 2025-03-28 | N/A | 7.2 HIGH |
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | |||||
CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2025-03-26 | N/A | 5.4 MEDIUM |
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | |||||
CVE-2021-27788 | 1 Hcltech | 1 Verse | 2025-02-27 | N/A | 6.1 MEDIUM |
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
CVE-2022-42447 | 1 Hcltech | 1 Hcl Compass | 2025-02-19 | N/A | 8.8 HIGH |
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | |||||
CVE-2024-30122 | 1 Hcltech | 1 Sametime | 2024-11-25 | N/A | 5.3 MEDIUM |
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | |||||
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-08 | N/A | 6.5 MEDIUM |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
CVE-2024-30106 | 1 Hcltech | 1 Connections | 2024-11-08 | N/A | 4.3 MEDIUM |
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. | |||||
CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | N/A | 5.3 MEDIUM |
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. | |||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-10-29 | N/A | 7.1 HIGH |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-10-29 | N/A | 7.1 HIGH |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-10-29 | N/A | 4.4 MEDIUM |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | |||||
CVE-2023-45698 | 1 Hcltech | 1 Sametime Chat And Meetings | 2024-10-28 | N/A | 6.1 MEDIUM |
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | |||||
CVE-2024-23562 | 1 Hcltech | 1 Domino | 2024-10-23 | N/A | 7.5 HIGH |
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | |||||
CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | N/A | 5.3 MEDIUM |
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | |||||
CVE-2023-28018 | 1 Hcltech | 1 Connections | 2024-10-16 | N/A | 6.5 MEDIUM |
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | |||||
CVE-2024-30118 | 1 Hcltech | 1 Connections | 2024-10-10 | N/A | 5.7 MEDIUM |
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | |||||
CVE-2024-23586 | 1 Hcltech | 2 Domino, Hcl Nomad | 2024-10-07 | N/A | 7.5 HIGH |
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. | |||||
CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-09-26 | N/A | 5.3 MEDIUM |
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. |