Filtered by vendor Hcltech
Total: 211 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.7 Medium |
URL redirection in the login page of HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via the redirect URL response header. | ||||
CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.5 Medium |
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 6.6 Medium |
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | ||||
CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-11-21 | 6.5 Medium |
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup, a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 5.4 Medium |
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | ||||
CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-11-21 | 4 Medium |
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | ||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-11-21 | 6.4 Medium |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-11-21 | 6.4 Medium |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | 3 Low |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | ||||
CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2024-11-21 | 6.6 Medium |
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | ||||
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-11-21 | 4.6 Medium |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | ||||
CVE-2022-27563 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | 7.5 High |
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. | ||||
CVE-2022-27561 | 1 Hcltech | 1 Traveler | 2024-11-21 | 7.5 High |
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | ||||
CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | 6 Medium |
HCL VersionVault Express exposes administrator credentials. | ||||
CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | 5.9 Medium |
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | ||||
CVE-2022-27547 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | 6.1 Medium |
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. | ||||
CVE-2022-27546 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | 8.3 High |
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. | ||||
CVE-2022-27545 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 4.6 Medium |
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. |