Filtered by vendor Hcltech
Subscriptions
Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28018 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.5 Medium |
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | ||||
CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 6.6 Medium |
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | ||||
CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-11-21 | 6.5 Medium |
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 5.4 Medium |
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | ||||
CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-11-21 | 4 Medium |
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | ||||
CVE-2023-28009 | 1 Hcltech | 1 Workload Automation | 2024-11-21 | 6.5 Medium |
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2023-28008 | 1 Hcltech | 1 Workload Automation | 2024-11-21 | 7.1 High |
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2023-23347 | 1 Hcltech | 1 Dryice Iautomate | 2024-11-21 | 6.4 Medium |
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2023-23346 | 1 Hcltech | 1 Dryice Mycloud | 2024-11-21 | 6.4 Medium |
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | ||||
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | 3 Low |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | ||||
CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2024-11-21 | 6.6 Medium |
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | ||||
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||
CVE-2022-44755 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-44754 | 1 Hcltech | 1 Domino | 2024-11-21 | 9.8 Critical |
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-44753 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-44752 | 1 Hcltech | 1 Domino | 2024-11-21 | 9.8 Critical |
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-44751 | 1 Hcltech | 1 Notes | 2024-11-21 | 9.8 Critical |
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-44750 | 1 Hcltech | 1 Domino | 2024-11-21 | 9.8 Critical |
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM. | ||||
CVE-2022-42453 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 6.9 Medium |
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. |