Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-42447
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote malicious user to trick a legitimate user into accessing a special resource and executing a malicious request.
Hcltech Hcl Compass
6.1
CVSSv3
CVE-2021-27788
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies...
Hcltech Verse
5.4
CVSSv3
CVE-2022-38657
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.
Hcltech Hcl Leap
7.5
CVSSv3
CVE-2021-27782
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
Hcltech Bigfix Mobile 2.0
7.5
CVSSv3
CVE-2022-38658
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive d...
Hcltech Bigfix Server Automation
5.8
CVSSv3
CVE-2022-38655
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
Hcltech Bigfix Webui 20
7.8
CVSSv3
CVE-2022-44751
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated malicious user to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vul...
Hcltech Notes 9.0.1
Hcltech Notes 10.0.1
5.4
CVSSv3
CVE-2022-38653
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
Hcltech Digital Experience 9.0
Hcltech Digital Experience 9.5
Hcltech Digital Experience 8.5
7.8
CVSSv3
CVE-2022-38659
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
Hcltech Bigfix Platform
7.8
CVSSv3
CVE-2022-44750
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated malicious user to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vu...
Hcltech Domino 9.0.1
Hcltech Domino 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »