Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  Security Vulnerabilities
CVE-2023-28013
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-26
CVE-2023-28023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 
CVSS Score
4.9
EPSS Score
0.001
Published
2023-07-18
CVE-2023-28020
 URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.
CVSS Score
4.7
EPSS Score
0.002
Published
2023-07-18
CVE-2023-28021
The BigFix WebUI uses weak cipher suites.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-07-18
CVE-2023-28019
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-07-18
CVE-2023-23344
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVSS Score
3.0
EPSS Score
0.001
Published
2023-06-23
CVE-2023-28006
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-06-22
CVE-2023-28016
Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.
CVSS Score
3.1
EPSS Score
0.002
Published
2023-06-22
CVE-2023-23343
A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.
CVSS Score
2.4
EPSS Score
0.0
Published
2023-06-22
CVE-2023-28008
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-04-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved