hcltech

410 tracked vulnerabilities.

CVE-2024-30111 LOW
HCL DRYiCE AEX - Missing Root Detection
Jun 28, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-30110 LOW
HCL DRYiCE AEX - Cross-Site Scripting via Input Validation Bypass
Jun 28, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-30109 LOW
HCL DRYiCE AEX - Clickjacking via Unprotected UI Layers
Jun 28, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-30112 MEDIUM
HCL Connections - Cross-Site Scripting
Jun 25, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-23556 MEDIUM
HCL BigFix Platform 9.5-9.5.25 - Denial of Service via SSL/TLS Renegotiation
May 18, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23554 MEDIUM
HCL BigFix Platform 9.5-9.5.24 - Cross-Site Request Forgery
May 18, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-23583 MEDIUM
HCL BigFix Platform 9.5-9.5.24 - Insufficiently Protected Credentials via Task Manager
May 17, 2024
CVSS 6.7
EPSS 0.00
CVE-2024-30107 LOW
HCL Connections - Improper Access Control
Apr 18, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-23557 LOW
HCL Connections - User Enumeration via Valid User Determination
Apr 18, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-23553 LOW
HCL BigFix Platform 9.5-9.5.23 - Cross-Site Scripting in Web Reports
Feb 02, 2024
CVSS 3.0
EPSS 0.00
CVE-2023-37524 HIGH
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service
Jun 27, 2026
CVSS 7.7
EPSS 0.00
CVE-2023-37525 MEDIUM
HCL BigFix Compliance - Unauthenticated Sensitive Information Disclosure via WEB-INF Directory Access
Jan 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2023-45721 MEDIUM
HCL Domino Leap 1.1-1.1.3 - Unauthenticated Exposure of Private Personal Information
Apr 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2023-37535 HIGH
HCL Domino Leap 1.1-1.1.3 - Cross-Site Scripting via Query Parameter Injection
Apr 30, 2025
CVSS 7.1
EPSS 0.00
CVE-2023-37517 LOW
HCL Domino Leap 1.1-1.1.1 - Sensitive Data Exposure via Missing Cache Headers
Apr 30, 2025
CVSS 3.2
EPSS 0.00
CVE-2023-37516 LOW
HCL Leap < 9.3.4 - Sensitive Information Exposure via Cache Headers
Apr 24, 2025
CVSS 3.2
EPSS 0.00
CVE-2023-45720 MEDIUM
HCL Leap < 9.3.5 - Unauthenticated Exposure of Private Personal Information via Insufficient Default Configuration
Apr 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2023-37534 HIGH
HCL Leap < 9.3.4 - Cross-Site Scripting via Query Parameter Injection
Apr 24, 2025
CVSS 7.1
EPSS 0.00
CVE-2023-50355 LOW
HCL Sametime < 12.0.2 - Sensitive Information Exposure via Error Messages
Oct 23, 2024
CVSS 3.6
EPSS 0.00
CVE-2023-37541 LOW
HCL Connections - Unauthorized Data Update via Broken Access Control
Jun 25, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-37539 HIGH
HCL Domino - Stored Cross-Site Scripting in Catalog Template
Jun 06, 2024
CVSS 8.4
EPSS 0.00
CVE-2023-50347 LOW
HCL DRYiCE MyXalytics - SQL Injection
Apr 10, 2024
CVSS 3.7
EPSS 0.01
CVE-2023-45715 LOW
HCL BigFix Platform 9.5-9.5.23 - Denial of Service via Invalid File Name Characters
Mar 28, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-45706 LOW
HCL BigFix Platform 9.5-9.5.24 - Authenticated Cross-Site Scripting via SAML Configuration
Mar 28, 2024
CVSS 2.0
EPSS 0.00
CVE-2023-45705 LOW
HCL BigFix Platform 10.0.0-10.0.10 - Authenticated Server-Side Request Forgery via SMTP Configuration
Mar 28, 2024
CVSS 3.5
EPSS 0.00