Filtered by vendor Hcltech
Total 172 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-4090 1 Hcltech 1 Marketing Campaign 2020-07-22 5.4 Medium
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
CVE-2017-1712 1 Hcltech 1 Domino 2020-07-10 5.9 Medium
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
CVE-2020-4101 1 Hcltech 1 Hcl Digital Experience 2020-06-17 9.8 Critical
"HCL Digital Experience is susceptible to Server Side Request Forgery."
CVE-2020-4092 1 Hcltech 1 Hcl Nomad 2020-05-12 5.3 Medium
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content."
CVE-2019-4327 1 Hcltech 1 Appscan 2020-04-29 7.5 High
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
CVE-2019-4393 1 Hcltech 1 Appscan 2020-04-08 9.8 Critical
HCL AppScan Standard is vulnerable to excessive authorization attempts.
CVE-2019-4391 1 Hcltech 1 Appscan 2020-04-08 8.2 High
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data.
CVE-2020-4084 1 Hcltech 1 Connections 2020-03-10 5.4 Medium
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4082 1 Hcltech 1 Connections 2020-03-06 5.4 Medium
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2020-4083 1 Hcltech 1 Connections 2020-03-06 5.5 Medium
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.
CVE-2019-16188 1 Hcltech 1 Appscan Source 2019-09-26 7.1 High
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim has read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial-of-service attacks.
CVE-2018-11518 1 Hcltech 2 Legacy Ivr, Legacy Ivr Firmware 2018-07-20 N/A
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).