Filtered by vendor Hcltech
Subscriptions
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42447 | 1 Hcltech | 1 Hcl Compass | 2025-02-19 | 9.6 Critical |
| HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | ||||
| CVE-2023-37536 | 4 Apache, Fedoraproject, Hcltech and 1 more | 4 Xerces-c\+\+, Fedora, Bigfix Platform and 1 more | 2025-02-13 | 8.2 High |
| An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | ||||
| CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2025-01-30 | 7.1 High |
| HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2025-01-30 | 6.5 Medium |
| HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2023-45705 | 1 Hcltech | 1 Bigfix Platform | 2025-01-23 | 3.5 Low |
| An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | ||||
| CVE-2023-37531 | 1 Hcltech | 1 Bigfix Platform | 2024-12-17 | 3.3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | ||||
| CVE-2023-37530 | 1 Hcltech | 1 Bigfix Platform | 2024-12-17 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | ||||
| CVE-2023-37529 | 1 Hcltech | 1 Bigfix Platform | 2024-12-17 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | ||||
| CVE-2024-30129 | 1 Hcltech | 1 Hcl Nomad | 2024-12-06 | 5.3 Medium |
| The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. | ||||
| CVE-2023-23343 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 2.4 Low |
| A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | ||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 7 High |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | ||||
| CVE-2023-28016 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-12-05 | 3.1 Low |
| Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | ||||
| CVE-2023-28017 | 1 Hcltech | 1 Connections | 2024-12-02 | 5.4 Medium |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | ||||
| CVE-2023-28022 | 1 Hcltech | 1 Connections | 2024-12-02 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2024-30122 | 1 Hcltech | 1 Sametime | 2024-11-25 | 5.8 Medium |
| HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | ||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2024-11-21 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | ||||
| CVE-2024-23588 | 1 Hcltech | 1 Nomad Server On Domino | 2024-11-21 | 5.3 Medium |
| HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | ||||
| CVE-2024-23562 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.3 Medium |
| A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | ||||
| CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5.9 Medium |
| SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | ||||
| CVE-2024-23553 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | ||||