Filtered by vendor Hcltech
Subscriptions
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.9 Medium |
| A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | ||||
| CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.9 Medium |
| The BigFix WebUI uses weak cipher suites. | ||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.7 Medium |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | ||||
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.5 Medium |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
| CVE-2023-28018 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.5 Medium |
| HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | ||||
| CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 6.6 Medium |
| HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | ||||
| CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-11-21 | 6.5 Medium |
| HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
| CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 5.4 Medium |
| HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | ||||
| CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-11-21 | 4 Medium |
| In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | ||||
| CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-11-21 | 6.4 Medium |
| HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-11-21 | 6.4 Medium |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | 3 Low |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | ||||
| CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2024-11-21 | 6.6 Medium |
| If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | ||||
| CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
| BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
| CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
| BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||
| CVE-2022-44755 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
| HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM. | ||||
| CVE-2022-44754 | 1 Hcltech | 1 Domino | 2024-11-21 | 9.8 Critical |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. | ||||
| CVE-2022-44753 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
| HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | ||||
| CVE-2022-44752 | 1 Hcltech | 1 Domino | 2024-11-21 | 9.8 Critical |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | ||||
| CVE-2022-44751 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
| HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM. | ||||