hcltech

410 tracked vulnerabilities.

CVE-2023-37497 HIGH
HCL Unica < 11.1.0.6 - Authenticated XML External Entity Injection
Aug 03, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-37496 HIGH
HCL Verse < 3.1 - Stored Cross-Site Scripting
Aug 01, 2023
CVSS 8.3
EPSS 0.00
CVE-2023-28014 MEDIUM
HCL BigFix Mobile - Authenticated Stored Cross-Site Scripting
Jul 27, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-28012 MEDIUM
HCL BigFix Mobile - Authenticated Command Injection
Jul 27, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-28013 MEDIUM
HCL Verse < 3.1 - Reflected Cross-Site Scripting
Jul 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-28023 MEDIUM
BigFix WebUI < 44 - Cross-Site Request Forgery in Software Distribution Interface
Jul 18, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-28021 MEDIUM
BigFix WebUI - Inadequate Encryption Strength
Jul 18, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-28020 MEDIUM
HCL BigFix WebUI - Open Redirect via Login Page Redirect URL Header
Jul 18, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-28019 MEDIUM
Bigfix WebUI < 14 - Authenticated SQL Injection via Unparameterized API Query
Jul 18, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-23344 LOW
BigFix WebUI Insights 14 - Authenticated Missing Authorization
Jun 23, 2023
CVSS 3.0
EPSS 0.00
CVE-2023-28016 LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Host Header Injection
Jun 22, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-28006 HIGH
HCL BigFix OSD Bare Metal Server < 311.12 - Use of a Broken or Risky Cryptographic Algorithm
Jun 22, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-23343 LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Clickjacking via Transparent or Opaque Layers
Jun 22, 2023
CVSS 2.4
EPSS 0.00
CVE-2023-28009 MEDIUM
HCL Workload Automation - XML External Entity Injection
Apr 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-28008 HIGH
HCL Workload Automation 9.4, 9.5, and 10.1 - XML External Entity Injection
Apr 26, 2023
CVSS 7.1
EPSS 0.01
CVE-2022-42450 MEDIUM
HCL Domino Volt - Stored Cross-Site Scripting via SVG File Upload
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-42449 MEDIUM
HCL Domino Volt 1.0-1.1.0 - Unauthenticated Unrestricted Upload of Dangerous File Type
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-27562 MEDIUM
HCL Domino Volt 1.0-<1.1.1 - Unauthenticated Unrestricted Upload of Dangerous File Type
Apr 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44760 MEDIUM
HCL Leap 9.0-9.3.0 - Unrestricted Upload of File with Dangerous Type
Apr 24, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44759 MEDIUM
HCL Leap 9.0-9.3.0 - Cross-Site Scripting via SVG File Upload
Apr 24, 2025
CVSS 4.6
EPSS 0.00
CVE-2022-44758 MEDIUM
BigFix Insights for Vulnerability Remediation < 2.0.3 - Insufficiently Protected Credentials in Fixlet Content
Oct 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-44757 MEDIUM
BigFix Insights for Vulnerability Remediation < 2.0.3 - Insufficiently Protected Credentials
Oct 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-42451 MEDIUM
HCL BigFix Patch Management < 1055 - Insufficiently Protected Credentials
Oct 11, 2023
CVSS 4.6
EPSS 0.00
CVE-2022-42447 CRITICAL
HCL Compass 2.0.0-2.0.2 - Cross-Origin Resource Sharing Misconfiguration
Apr 02, 2023
CVSS 9.6
EPSS 0.00
CVE-2022-38657 HIGH
Hcltech HCL Leap - Open Redirect via Feedback Action
Feb 12, 2023
CVSS 8.2
EPSS 0.00