Filtered by vendor Hcltech Subscriptions
Total 193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28018 1 Hcltech 1 Connections 2024-11-21 5.5 Medium
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users.
CVE-2023-28014 1 Hcltech 1 Bigfix Mobile 2024-11-21 6.6 Medium
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
CVE-2023-28013 1 Hcltech 1 Verse 2024-11-21 6.5 Medium
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
CVE-2023-28012 1 Hcltech 1 Bigfix Mobile 2024-11-21 5.4 Medium
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVE-2023-28010 1 Hcltech 1 Domino 2024-11-21 4 Medium
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.
CVE-2023-28009 1 Hcltech 1 Workload Automation 2024-11-21 6.5 Medium
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2023-28008 1 Hcltech 1 Workload Automation 2024-11-21 7.1 High
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2023-23347 1 Hcltech 1 Dryice Iautomate 2024-11-21 6.4 Medium
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
CVE-2023-23346 1 Hcltech 1 Dryice Mycloud 2024-11-21 6.4 Medium
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
CVE-2023-23344 1 Hcltech 1 Bigfix Webui Insights 2024-11-21 3 Low
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVE-2023-23342 1 Hcltech 1 Hcl Nomad 2024-11-21 6.6 Medium
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 
CVE-2022-44758 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2024-11-21 6.5 Medium
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
CVE-2022-44757 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2024-11-21 6.5 Medium
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVE-2022-44755 1 Hcltech 1 Notes 2024-11-21 9.8 Critical
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-44754 1 Hcltech 1 Domino 2024-11-21 9.8 Critical
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-44753 1 Hcltech 1 Notes 2024-11-21 9.8 Critical
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-44752 1 Hcltech 1 Domino 2024-11-21 9.8 Critical
HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-44751 1 Hcltech 1 Notes 2024-11-21 9.8 Critical
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-44750 1 Hcltech 1 Domino 2024-11-21 9.8 Critical
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.  This vulnerability applies to software previously licensed by IBM.
CVE-2022-42453 1 Hcltech 1 Bigfix Platform 2024-11-21 6.9 Medium
There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script.