Vulnerabilities
Vulnerable Software
Hcltech:  Security Vulnerabilities
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-26
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
CVSS Score
9.6
EPSS Score
0.005
Published
2023-04-02
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.  By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
CVSS Score
8.3
EPSS Score
0.001
Published
2023-03-10
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-02-12
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-20
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.
CVSS Score
7.7
EPSS Score
0.001
Published
2022-12-24
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
CVSS Score
6.4
EPSS Score
0.001
Published
2022-12-21
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM.
CVSS Score
9.8
EPSS Score
0.024
Published
2022-12-19
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM.
CVSS Score
9.8
EPSS Score
0.012
Published
2022-12-19
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.  This vulnerability applies to software previously licensed by IBM.
CVSS Score
9.8
EPSS Score
0.012
Published
2022-12-19


Contact Us

Shodan ® - All rights reserved