Hcltech: Security Vulnerabilities
HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.
CVSS Score: 2.2
EPSS Score: 0.0
Published: 2025-07-25
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2025-07-24
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2025-07-24
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.
CVSS Score: 7.6
EPSS Score: 0.001
Published: 2025-07-24
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2025-07-17
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-05-30
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-05-30
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2025-05-05
HCL BigFix Compliance is affected by the inclusion of temporary files left in the production environment. An attacker might gain access to these files through indexing, or retrieve them via predictable URLs or misconfigured permissions, leading to information disclosure.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2025-05-05
An insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2025-04-30

