Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery."
Hcltech Hcl Digital Experience 8.5
Hcltech Hcl Digital Experience 9.0
Hcltech Hcl Digital Experience 9.5
6.1
CVSSv3
CVE-2020-14222
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
Hcltech Hcl Digital Experience 8.5
Hcltech Hcl Digital Experience 9.0
Hcltech Hcl Digital Experience 9.5
5.4
CVSSv3
CVE-2021-27774
User input included in error response, which could be used in a phishing attack.
Hcltech Hcl Digital Experience 9.0
Hcltech Hcl Digital Experience 9.5
Hcltech Hcl Digital Experience 8.5
8.8
CVSSv3
CVE-2023-37502
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
Hcltech Hcl Compass
Hcltech Hcl Compass 2.1.0
9.8
CVSSv3
CVE-2023-37503
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Hcltech Hcl Compass
Hcltech Hcl Compass 2.1.0
6.5
CVSSv3
CVE-2023-37504
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user....
Hcltech Hcl Compass
Hcltech Hcl Compass 2.1.0
6.1
CVSSv3
CVE-2023-37519
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.
Hcltech Bigfix Platform
Hcltech Bigfix Platform 11.0.0
6.1
CVSSv3
CVE-2023-37520
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
Hcltech Bigfix Platform
Hcltech Bigfix Platform 11.0.0
6.1
CVSSv3
CVE-2023-37527
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web pag...
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
6.1
CVSSv3
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
Hcltech Bigfix Platform 11.0.0
Hcltech Bigfix Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »