Hcltech: Security Vulnerabilities
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-11-07
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-11-07
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.
CVSS Score
3.8
EPSS Score
0.0
Published
2024-11-07
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
CVSS Score
3.5
EPSS Score
0.004
Published
2024-10-28
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.
CVSS Score
3.6
EPSS Score
0.002
Published
2024-10-23
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.
CVSS Score
5.8
EPSS Score
0.002
Published
2024-10-23
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVSS Score
2.5
EPSS Score
0.001
Published
2024-10-14
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
CVSS Score
3.5
EPSS Score
0.004
Published
2024-10-09
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-10-01
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-09-27