Filtered by vendor Hcltech
Total: 189 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-10-15 | 5.4 Medium | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. |
CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-10-15 | 6.6 Medium | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. |
CVE-2024-30118 | 1 Hcltech | 1 Connections | 2024-10-10 | 3.5 Low | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. |
CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2024-10-09 | 6.6 Medium | If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. |
CVE-2024-23586 | 1 Hcltech | 3 Domino, Hcl Nomad, Nomad Server On Domino | 2024-10-07 | 5.3 Medium | HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. |
CVE-2023-37511 | 1 Hcltech | 1 Traveler To Do | 2024-10-04 | 3.5 Low | If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. |
CVE-2023-37513 | 1 Hcltech | 1 Traveler To Do | 2024-10-04 | 3.3 Low | When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. |
CVE-2023-37512 | 1 Hcltech | 1 Traveler Companion | 2024-10-04 | 3.3 Low | When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. |
CVE-2024-30134 | 1 Hcltech | 1 Traveler | 2024-09-30 | 6.7 Medium | The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. |
CVE-2023-37496 | 1 Hcltech | 1 Verse | 2024-09-27 | 8.3 High | HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. |
CVE-2023-37499 | 1 Hcltech | 1 Unica | 2024-09-27 | 8.1 High | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. |
CVE-2023-37500 | 1 Hcltech | 1 Unica | 2024-09-27 | 8.1 High | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. |
CVE-2023-37501 | 1 Hcltech | 1 Unica | 2024-09-27 | 8.1 High | A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. |
CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-09-26 | 4 Medium | In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. |
CVE-2024-30128 | 1 Hcltech | 1 Nomad Server On Domino | 2024-09-26 | 8.6 High | HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. |
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-09-18 | 6.5 Medium | BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. |
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-09-18 | 6.5 Medium | BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. |
CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2024-09-18 | 9.3 Critical | HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). |
CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2024-09-17 | 5.8 Medium | HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. |
CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2024-09-17 | 2.3 Low | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. |