Filtered by vendor Hcltech
Total: 178 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37539 | 1 Hcltech | 1 Domino | 2024-08-02 | 8.4 High |
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. | ||||
CVE-2023-37501 | 1 Hcltech | 1 Unica | 2024-08-02 | 8.1 High |
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. | ||||
CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2024-08-02 | 6.4 Medium |
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | ||||
CVE-2023-37500 | 1 Hcltech | 1 Unica | 2024-08-02 | 8.1 High |
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | ||||
CVE-2023-37528 | 1 Hcltech | 1 Bigfix Platform | 2024-08-02 | 6.5 Medium |
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | ||||
CVE-2023-37511 | 1 Hcltech | 1 Traveler To Do | 2024-08-02 | 3.5 Low |
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | ||||
CVE-2023-37513 | 1 Hcltech | 1 Traveler To Do | 2024-08-02 | 3.3 Low |
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | ||||
CVE-2023-37520 | 1 Hcltech | 1 Bigfix Platform | 2024-08-02 | 7.7 High |
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. | ||||
CVE-2023-37499 | 1 Hcltech | 1 Unica | 2024-08-02 | 8.1 High |
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | ||||
CVE-2023-37496 | 1 Hcltech | 1 Verse | 2024-08-02 | 8.3 High |
HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
CVE-2023-37512 | 1 Hcltech | 1 Traveler Companion | 2024-08-02 | 3.3 Low |
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | ||||
CVE-2023-37497 | 1 Hcltech | 1 Unica | 2024-08-02 | 8.1 High |
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | ||||
CVE-2023-37519 | 1 Hcltech | 1 Bigfix Platform | 2024-08-02 | 7.7 High |
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | ||||
CVE-2023-37498 | 1 Hcltech | 1 Unica | 2024-08-02 | 8.1 High |
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | ||||
CVE-2023-28016 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-08-02 | 3.1 Low |
Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | ||||
CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-08-02 | 4.7 Medium |
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | ||||
CVE-2023-28025 | 1 Hcltech | 1 Bigfix Modern Client Management | 2024-08-02 | 6.6 Medium |
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. | ||||
CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-08-02 | 4.9 Medium |
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | ||||
CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-08-02 | 5.4 Medium |
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | ||||
CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-08-02 | 7 High |
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. |