hcltech

410 tracked vulnerabilities.

CVE-2023-37531 LOW
HCL BigFix Platform 9.5-9.5.23 - Stored Cross-Site Scripting in Web Reports Form Field
Feb 29, 2024
CVSS 3.3
EPSS 0.00
CVE-2023-37530 LOW
HCL BigFix Platform 9.5-9.5.23 - Cross-Site Scripting in Web Reports
Feb 29, 2024
CVSS 3.0
EPSS 0.00
CVE-2023-37529 LOW
HCL BigFix Platform 9.5-9.5.23 - Cross-Site Scripting in Web Reports
Feb 29, 2024
CVSS 3.0
EPSS 0.00
CVE-2023-37495 MEDIUM
HCL Domino 9.0-14.0 - Weak Password Hashing in Person Documents
Feb 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2023-37540 LOW
HCL Sametime 11.5-12.0.1 - Insecure Storage of Sensitive Information via Eclipse Secure Storage
Feb 23, 2024
CVSS 3.9
EPSS 0.00
CVE-2023-28018 MEDIUM
HCL Connections - Denial of Service via Crafted Request
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-45698 MEDIUM
HCL Sametime Chat and Meetings - Clickjacking via Outlook Add-in
Feb 10, 2024
CVSS 4.8
EPSS 0.00
CVE-2023-45696 MEDIUM
HCL Sametime 11.5-12.0.1 - Sensitive Information Exposure via Legacy Web Chat Autocomplete
Feb 10, 2024
CVSS 4.0
EPSS 0.00
CVE-2023-45718 LOW
HCL Sametime 11.5-12.0.1 - Insufficient Session Expiration in Web Client
Feb 09, 2024
CVSS 3.9
EPSS 0.00
CVE-2023-45716 LOW
HCL Sametime < 12.0.2 - Cleartext Transmission of Sensitive Information via URL
Feb 09, 2024
CVSS 1.7
EPSS 0.00
CVE-2023-50349 MEDIUM
HCL Sametime < 12.0.2 - Cross-Site Request Forgery in REST APIs
Feb 09, 2024
CVSS 5.9
EPSS 0.00
CVE-2023-37528 MEDIUM
HCL BigFix Platform 9.5-9.5.23 - Cross-Site Scripting in Web Reports Save Report Parameter
Feb 03, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-37527 MEDIUM
HCL BigFix Platform 9.5-9.5.23 - Reflected Cross-Site Scripting in Web Reports
Feb 02, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-37518 MEDIUM
HCL BigFix ServiceNow Data Flow < 1.3 - Authenticated Code Injection
Jan 30, 2024
CVSS 6.4
EPSS 0.00
CVE-2023-50344 MEDIUM
HCL DRYiCE MyXalytics - Unauthenticated File Download via Improper Access Control
Jan 03, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-50343 HIGH
HCL DRYiCE MyXalytics - Authenticated Improper Access Control via Controller APIs
Jan 03, 2024
CVSS 8.3
EPSS 0.00
CVE-2023-50342 HIGH
HCL DRYiCE MyXalytics - Insecure Direct Object Reference
Jan 03, 2024
CVSS 7.1
EPSS 0.00
CVE-2023-50341 HIGH
HCL DRYiCE MyXalytics - Improper Access Control via Obsolete Web Pages
Jan 03, 2024
CVSS 7.6
EPSS 0.00
CVE-2023-45724 HIGH
HCL DRYiCE MyXalytics - Unauthenticated Unrestricted Upload of File with Dangerous Type
Jan 03, 2024
CVSS 8.2
EPSS 0.01
CVE-2023-45723 HIGH
HCL DRYiCE MyXalytics - Path Traversal via File Upload Endpoint
Jan 03, 2024
CVSS 7.6
EPSS 0.01
CVE-2023-45722 HIGH
HCL DRYiCE MyXalytics - Path Traversal and Arbitrary File Read
Jan 03, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-50351 HIGH
HCL DRYiCE MyXalytics - Use of a Broken or Risky Cryptographic Algorithm via Insecure Key Rotation Mechanism
Jan 03, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-50350 HIGH
HCL DRYiCE MyXalytics - Use of a Broken Cryptographic Algorithm
Jan 03, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-50348 LOW
HCL DRYiCE MyXalytics - Information Disclosure via Detailed Error Messages
Jan 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-50346 LOW
HCL DRYiCE MyXalytics - Exposure of Sensitive Information via File Information Endpoints
Jan 03, 2024
CVSS 3.1
EPSS 0.00