Filtered by vendor Hcltech
Subscribe
Total
172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2023-12-10 | N/A | 7.8 HIGH |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
| CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2023-12-10 | N/A | 4.3 MEDIUM |
| HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | |||||
| CVE-2023-28013 | 1 Hcltech | 1 Verse | 2023-12-10 | N/A | 6.1 MEDIUM |
| HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
| CVE-2023-37504 | 1 Hcltech | 1 Hcl Compass | 2023-12-10 | N/A | 6.5 MEDIUM |
| HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user. | |||||
| CVE-2023-28021 | 1 Hcltech | 1 Bigfix Webui | 2023-12-10 | N/A | 7.5 HIGH |
| The BigFix WebUI uses weak cipher suites. | |||||
| CVE-2023-37499 | 1 Hcltech | 1 Unica | 2023-12-10 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2023-12-10 | N/A | 9.8 CRITICAL |
| HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||||
| CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2023-12-10 | N/A | 8.2 HIGH |
| BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||||
| CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2023-12-10 | N/A | 7.1 HIGH |
| HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||||
| CVE-2023-37500 | 1 Hcltech | 1 Unica | 2023-12-10 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2023-12-10 | N/A | 6.5 MEDIUM |
| A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | |||||
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2023-12-10 | N/A | 6.1 MEDIUM |
| HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||||
| CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2023-12-10 | N/A | 8.8 HIGH |
| HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
| CVE-2023-37513 | 1 Hcltech | 1 Traveler To Do | 2023-12-10 | N/A | 5.5 MEDIUM |
| When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | |||||
| CVE-2022-42447 | 1 Hcltech | 1 Hcl Compass | 2023-12-10 | N/A | 8.8 HIGH |
| HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | |||||
| CVE-2023-28006 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2023-12-10 | N/A | 7.8 HIGH |
| The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||||
| CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2023-12-10 | N/A | 8.1 HIGH |
| HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2023-12-10 | N/A | 6.5 MEDIUM |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
| CVE-2023-28016 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2023-12-10 | N/A | 6.1 MEDIUM |
| Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | |||||
| CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2023-12-10 | N/A | 8.1 HIGH |
| HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||