hcltech

395 tracked vulnerabilities.

CVE-2023-50343 HIGH
HCL DRYiCE MyXalytics - Authenticated Improper Access Control via Controller APIs
Jan 03, 2024
CVSS 8.3
EPSS 0.00
CVE-2023-50342 HIGH
HCL DRYiCE MyXalytics - Insecure Direct Object Reference
Jan 03, 2024
CVSS 7.1
EPSS 0.00
CVE-2023-50341 HIGH
HCL DRYiCE MyXalytics - Improper Access Control via Obsolete Web Pages
Jan 03, 2024
CVSS 7.6
EPSS 0.00
CVE-2023-45724 HIGH
HCL DRYiCE MyXalytics - Unauthenticated Unrestricted Upload of File with Dangerous Type
Jan 03, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-45723 HIGH
HCL DRYiCE MyXalytics - Path Traversal via File Upload Endpoint
Jan 03, 2024
CVSS 7.6
EPSS 0.00
CVE-2023-45722 HIGH
HCL DRYiCE MyXalytics - Path Traversal and Arbitrary File Read
Jan 03, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-50351 HIGH
HCL DRYiCE MyXalytics - Use of a Broken or Risky Cryptographic Algorithm via Insecure Key Rotation Mechanism
Jan 03, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-50350 HIGH
HCL DRYiCE MyXalytics - Use of a Broken Cryptographic Algorithm
Jan 03, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-50348 LOW
HCL DRYiCE MyXalytics - Information Disclosure via Detailed Error Messages
Jan 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-50346 LOW
HCL DRYiCE MyXalytics - Exposure of Sensitive Information via File Information Endpoints
Jan 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-50345 LOW
HCL DRYiCE MyXalytics - Open Redirect
Jan 03, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-37520 HIGH
HCL BigFix Platform 9.5.12.68 - Unauthenticated Stored Cross-Site Scripting in Gather Status Report
Dec 21, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-37519 HIGH
HCL BigFix Platform < 9.5.23 - Unauthenticated Stored Cross-Site Scripting in Download Status Report
Dec 21, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-28025 MEDIUM
HCL BigFix Modern Client Management < 3.2 - Stored Cross-Site Scripting via SVG Tag Injection
Dec 21, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-28022 LOW
HCL Connections - Information Disclosure via Improper Request Handling
Dec 15, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-28017 MEDIUM
HCL Connections - Stored Cross-Site Scripting
Dec 07, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-37533 MEDIUM
HCL Connections - Reflected Cross-Site Scripting
Nov 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-37532 MEDIUM
HCL Commerce 9.1.8-9.1.13.2 - Path Traversal via Crafted URL
Oct 23, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-37503 HIGH
HCL Compass 2.0.0-2.0.3 - Weak Password Requirements
Oct 19, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-37504 HIGH
HCL Compass 2.0.0-2.0.3 - Insufficient Session Expiration
Oct 19, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-37502 CRITICAL
HCL Compass 2.0.0-2.0.2 - Unrestricted Upload of File with Dangerous Type
Oct 18, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-37537 HIGH
HCL AppScan Presence - Privilege Escalation
Oct 17, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-37538 CRITICAL
HCL Digital Experience - Reflected Cross-Site Scripting
Oct 11, 2023
CVSS 9.3
EPSS 0.00
CVE-2023-37536 HIGH
Xerces-C++ 3.2.3 - Integer Overflow via HTTP Request
Oct 11, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-28010 MEDIUM
HCL Domino - Unauthorized Sensitive Information Exposure via Server Hostname
Sep 08, 2023
CVSS 4.0
EPSS 0.00
Products
bigfix_platform 33 dryice_myxalytics 31 aion 29 connections 22 domino 22 bigfix_service_management 18 aftermarket_cloud 17 sametime 17 unica 17 hcl_leap 11 notes 11 bigfix_mobile 10 bigfix_compliance 9 domino_leap 9 appscan 8 digital_experience 8 bigfix_webui 7 hcl_inotes 7 bigfix_modern_client_management 6 dryice_iautomate 6 traveler 6 bigfix_insights_for_vulnerability_remediation 5 dfxanalytics 5 intelliops_event_management 5 traveler_for_microsoft_outlook 5 verse 5 bigfix_saas 4 dryice_aex 4 hcl_compass 4 hcl_digital_experience 4
Quick Filters
Critical CVEs With Exploits In CISA KEV