Filtered by vendor Hcltech
Subscriptions
Total
189 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14224 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. | ||||
CVE-2020-14223 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 6.1 Medium |
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | ||||
CVE-2020-14222 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | 6.1 Medium |
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | ||||
CVE-2020-14221 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 4.9 Medium |
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | ||||
CVE-2019-4409 | 1 Hcltech | 1 Traveler | 2024-11-21 | 5.4 Medium |
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability. | ||||
CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-11-21 | 9.8 Critical |
HCL AppScan Standard is vulnerable to excessive authorization attempts | ||||
CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2024-11-21 | 9.8 Critical |
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | ||||
CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 8.2 High |
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | ||||
CVE-2019-4388 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 4.8 Medium |
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | ||||
CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | ||||
CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | ||||
CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.3 Medium |
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | ||||
CVE-2019-4324 | 1 Hcltech | 1 Appscan | 2024-11-21 | 6.1 Medium |
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | ||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 Medium |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | ||||
CVE-2019-4301 | 1 Hcltech | 1 Self-service Application | 2024-11-21 | 8.4 High |
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | ||||
CVE-2019-4209 | 1 Hcltech | 1 Connections | 2024-11-21 | 6.1 Medium |
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | ||||
CVE-2019-4091 | 1 Hcltech | 1 Marketing Campaign | 2024-11-21 | 5.4 Medium |
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. " | ||||
CVE-2019-4090 | 1 Hcltech | 1 Marketing Campaign | 2024-11-21 | 5.4 Medium |
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." | ||||
CVE-2019-16188 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 7.1 High |
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. | ||||
CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2024-11-21 | N/A |
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). |