Filtered by vendor Hcltech
Total: 189 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-08 | 3 Low |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | ||||
CVE-2024-30106 | 1 Hcltech | 1 Connections | 2024-11-08 | 3.5 Low |
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. | ||||
CVE-2024-30122 | 1 Hcltech | 1 Sametime | 2024-11-06 | 5.8 Medium |
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | ||||
CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | 3.6 Low |
HCL Sametime is impacted by error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. | ||||
CVE-2024-23588 | 1 Hcltech | 1 Nomad Server On Domino | 2024-10-30 | 5.3 Medium |
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | ||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-10-29 | 6.4 Medium |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-10-29 | 6.4 Medium |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-10-29 | 4.6 Medium |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | ||||
CVE-2023-45698 | 1 Hcltech | 1 Sametime Chat And Meetings | 2024-10-28 | 4.8 Medium |
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | ||||
CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2024-10-27 | 5.9 Medium |
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | ||||
CVE-2024-23562 | 1 Hcltech | 1 Domino | 2024-10-23 | 5.3 Medium |
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | ||||
CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-10-23 | 6.5 Medium |
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-10-21 | 5.5 Medium |
Insufficient validation in BigFix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2024-10-21 | 5.9 Medium |
The BigFix WebUI uses weak cipher suites. | ||||
CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-10-21 | 4.7 Medium |
URL redirection in the Login page in HCL BigFix WebUI allows a malicious user to redirect the client browser to an external site via a redirect URL response header. | ||||
CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-10-21 | 4.9 Medium |
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | ||||
CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | 2.5 Low |
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | ||||
CVE-2023-37498 | 1 Hcltech | 1 Unica | 2024-10-17 | 8.1 High |
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | ||||
CVE-2023-37497 | 1 Hcltech | 1 Unica | 2024-10-17 | 8.1 High |
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | ||||
CVE-2023-28018 | 1 Hcltech | 1 Connections | 2024-10-16 | 5.5 Medium |
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. |