hcltech
410 tracked vulnerabilities.
CVE-2023-37497
HIGH
HCL Unica < 11.1.0.6 - Authenticated XML External Entity Injection
Aug 03, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-37496
HIGH
HCL Verse < 3.1 - Stored Cross-Site Scripting
Aug 01, 2023
CVSS 8.3
EPSS 0.00
CVE-2023-28014
MEDIUM
HCL BigFix Mobile - Authenticated Stored Cross-Site Scripting
Jul 27, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-28012
MEDIUM
HCL BigFix Mobile - Authenticated Command Injection
Jul 27, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-28013
MEDIUM
HCL Verse < 3.1 - Reflected Cross-Site Scripting
Jul 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-28023
MEDIUM
BigFix WebUI < 44 - Cross-Site Request Forgery in Software Distribution Interface
Jul 18, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-28021
MEDIUM
BigFix WebUI - Inadequate Encryption Strength
Jul 18, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-28020
MEDIUM
HCL BigFix WebUI - Open Redirect via Login Page Redirect URL Header
Jul 18, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-28019
MEDIUM
Bigfix WebUI < 14 - Authenticated SQL Injection via Unparameterized API Query
Jul 18, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-23344
LOW
BigFix WebUI Insights 14 - Authenticated Missing Authorization
Jun 23, 2023
CVSS 3.0
EPSS 0.00
CVE-2023-28016
LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Host Header Injection
Jun 22, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-28006
HIGH
HCL BigFix OSD Bare Metal Server < 311.12 - Use of a Broken or Risky Cryptographic Algorithm
Jun 22, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-23343
LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Clickjacking via Transparent or Opaque Layers
Jun 22, 2023
CVSS 2.4
EPSS 0.00
CVE-2023-28009
MEDIUM
HCL Workload Automation - XML External Entity Injection
Apr 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-28008
HIGH
HCL Workload Automation 9.4, 9.5, and 10.1 - XML External Entity Injection
Apr 26, 2023
CVSS 7.1
EPSS 0.01
CVE-2022-42450
MEDIUM
HCL Domino Volt - Stored Cross-Site Scripting via SVG File Upload
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-42449
MEDIUM
HCL Domino Volt 1.0-1.1.0 - Unauthenticated Unrestricted Upload of Dangerous File Type
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-27562
MEDIUM
HCL Domino Volt 1.0-<1.1.1 - Unauthenticated Unrestricted Upload of Dangerous File Type
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44760
MEDIUM
HCL Leap 9.0-9.3.0 - Unrestricted Upload of File with Dangerous Type
Apr 24, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44759
MEDIUM
HCL Leap 9.0-9.3.0 - Cross-Site Scripting via SVG File Upload
Apr 24, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44758
MEDIUM
BigFix Insights for Vulnerability Remediation < 2.0.3 - Insufficiently Protected Credentials in Fixlet Content
Oct 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-44757
MEDIUM
BigFix Insights for Vulnerability Remediation < 2.0.3 - Insufficiently Protected Credentials
Oct 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-42451
MEDIUM
HCL BigFix Patch Management < 1055 - Insufficiently Protected Credentials
Oct 11, 2023
CVSS 4.6
EPSS 0.00
CVE-2022-42447
CRITICAL
HCL Compass 2.0.0-2.0.2 - Cross-Origin Resource Sharing Misconfiguration
Apr 02, 2023
CVSS 9.6
EPSS 0.00
CVE-2022-38657
HIGH
Hcltech HCL Leap - Open Redirect via Feedback Action
Feb 12, 2023
CVSS 8.2
EPSS 0.00
Products
bigfix_platform 33
dryice_myxalytics 31
aion 29
connections 22
domino 22
bigfix_service_management 18
unica 18
aftermarket_cloud 17
sametime 17
digital_experience 11
hcl_leap 11
notes 11
bigfix_mobile 10
bigfix_compliance 9
domino_leap 9
appscan 8
traveler_for_microsoft_outlook 8
bigfix_webui 7
hcl_inotes 7
bigfix_modern_client_management 6
dryice_iautomate 6
icontrol 6
traveler 6
bigfix_insights_for_vulnerability_remediation 5
dfxanalytics 5
intelliops_event_management 5
verse 5
bigfix_saas 4
dryice_aex 4
hcl_compass 4
Quick Filters