Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-27768
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up...
Hcltech Verse
4.8
CVSSv3
CVE-2021-27778
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, ses...
Hcltech Traveler
6.1
CVSSv3
CVE-2021-27788
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies...
Hcltech Verse
8.2
CVSSv3
CVE-2019-4391
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
Hcltech Appscan
9.8
CVSSv3
CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and previous versions uses hard-coded credentials which can be exploited by malicious users to get unauthorized access to the system.
Hcltech Appscan
9.8
CVSSv3
CVE-2019-4393
HCL AppScan Standard is vulnerable to excessive authorization attempts
Hcltech Appscan
5.4
CVSSv3
CVE-2019-4409
HCL Traveler versions 9.x and previous versions are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error me...
Hcltech Traveler
7.5
CVSSv3
CVE-2020-4099
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
Hcltech Verse
4.3
CVSSv3
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an malicious user to embed the contents of untrusted web pages in a frame."
Hcltech Appscan
6.1
CVSSv3
CVE-2019-4324
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
Hcltech Appscan
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »