Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-37498
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
Hcltech Unica
6.1
CVSSv3
CVE-2023-37499
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks.
Hcltech Unica
6.1
CVSSv3
CVE-2023-37501
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.
Hcltech Unica
8.2
CVSSv3
CVE-2019-4391
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
Hcltech Appscan
9.8
CVSSv3
CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and previous versions uses hard-coded credentials which can be exploited by malicious users to get unauthorized access to the system.
Hcltech Appscan
9.8
CVSSv3
CVE-2019-4393
HCL AppScan Standard is vulnerable to excessive authorization attempts
Hcltech Appscan
5.9
CVSSv3
CVE-2017-1712
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote malicious user to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server ru...
Hcltech Domino
5.4
CVSSv3
CVE-2019-4409
HCL Traveler versions 9.x and previous versions are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error me...
Hcltech Traveler
6.1
CVSSv3
CVE-2019-4324
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
Hcltech Appscan
7.5
CVSSv3
CVE-2019-4326
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
Hcltech Appscan
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »