Hcltech Security Vulnerabilities
4.1CVSS
4.4AI Score
0.0004EPSS
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the...
8.8CVSS
8.7AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save...
6.5CVSS
6.1AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header...
5.4CVSS
5.2AI Score
0.0004EPSS
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web...
6.1CVSS
6AI Score
0.001EPSS
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running...
8.8CVSS
8.8AI Score
0.0005EPSS
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system,...
5.3CVSS
5.3AI Score
0.0005EPSS
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user...
9.8CVSS
9.4AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file...
4.3CVSS
4.5AI Score
0.0004EPSS
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security...
6.1CVSS
6.2AI Score
0.0005EPSS
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special...
9.8CVSS
9.2AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the...
9.8CVSS
9.3AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain...
5.4CVSS
5.6AI Score
0.0005EPSS
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive...
8.2CVSS
7.5AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of...
9.1CVSS
9AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable...
7.6CVSS
7.3AI Score
0.001EPSS
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access...
7.1CVSS
4.7AI Score
0.0004EPSS
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other...
8.3CVSS
6.3AI Score
0.0005EPSS
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP...
8.8CVSS
8.5AI Score
0.007EPSS
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix...
7.7CVSS
5.8AI Score
0.0005EPSS
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix...
7.7CVSS
5.6AI Score
0.0005EPSS
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed...
6.6CVSS
4.8AI Score
0.0004EPSS
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request...
6.5CVSS
6.1AI Score
0.0005EPSS
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...
5.4CVSS
5.7AI Score
0.0004EPSS
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal....
6.1CVSS
6.2AI Score
0.0005EPSS
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously...
9.8CVSS
7.9AI Score
0.001EPSS
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted...
6.1CVSS
6.2AI Score
0.001EPSS
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in...
8.8CVSS
8.7AI Score
0.001EPSS
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in.....
9.8CVSS
7.9AI Score
0.001EPSS
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the...
6.9CVSS
6.4AI Score
0.001EPSS
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal...
6.5CVSS
6.4AI Score
0.001EPSS
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously...
9.8CVSS
7.9AI Score
0.001EPSS
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application...
5.4CVSS
5.2AI Score
0.001EPSS
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other...
8.3CVSS
6.1AI Score
0.001EPSS
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described...
9.8CVSS
7.9AI Score
0.001EPSS
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid...
7.5CVSS
7.6AI Score
0.001EPSS
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described...
9.8CVSS
7.9AI Score
0.001EPSS
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in.....
9.8CVSS
7.9AI Score
0.001EPSS
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious...
9.6CVSS
8.5AI Score
0.001EPSS
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager...
8.2CVSS
5.5AI Score
0.001EPSS
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external...
6.4CVSS
5.7AI Score
0.001EPSS
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person...
5.5CVSS
4.9AI Score
0.0004EPSS
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data...
7.7CVSS
7.4AI Score
0.001EPSS
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely...
7.8CVSS
7.5AI Score
0.0004EPSS
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the...
5.8CVSS
4.7AI Score
0.001EPSS
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the...
7.1CVSS
6.3AI Score
0.0005EPSS
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web...
9CVSS
8.7AI Score
0.001EPSS
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user...
9.8CVSS
9.5AI Score
0.001EPSS
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated...
7.8CVSS
7.7AI Score
0.0004EPSS
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways,...
8.2CVSS
8.1AI Score
0.001EPSS