Filtered by vendor Hcltech Subscriptions
Total 193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-4209 1 Hcltech 1 Connections 2024-11-21 6.1 Medium
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
CVE-2019-4091 1 Hcltech 1 Marketing Campaign 2024-11-21 5.4 Medium
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "
CVE-2019-4090 1 Hcltech 1 Marketing Campaign 2024-11-21 5.4 Medium
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
CVE-2019-16188 1 Hcltech 1 Appscan Source 2024-11-21 7.1 High
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks.
CVE-2018-11518 1 Hcltech 2 Legacy Ivr, Legacy Ivr Firmware 2024-11-21 N/A
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
CVE-2017-1712 1 Hcltech 1 Domino 2024-11-21 5.9 Medium
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
CVE-2024-30106 1 Hcltech 1 Connections 2024-11-08 3.5 Low
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
CVE-2023-50355 1 Hcltech 1 Sametime 2024-10-31 3.6 Low
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.
CVE-2024-30117 1 Hcltech 1 Bigfix Platform 2024-10-18 2.5 Low
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVE-2024-30118 1 Hcltech 1 Connections 2024-10-10 3.5 Low
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
CVE-2024-23586 1 Hcltech 3 Domino, Hcl Nomad, Nomad Server On Domino 2024-10-07 5.3 Medium
HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.
CVE-2024-30134 1 Hcltech 1 Traveler 2024-09-30 6.7 Medium
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.
CVE-2024-30128 1 Hcltech 1 Nomad Server On Domino 2024-09-26 8.6 High
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.