Hcltech: Security Vulnerabilities
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-11-01
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-10-31
User input included in error response, which could be used in a phishing attack.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-09-22
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
CVSS Score
7.5
EPSS Score
0.005
Published
2022-09-15
HCL VersionVault Express exposes administrator credentials.
CVSS Score
6.0
EPSS Score
0.001
Published
2022-08-30
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-08-30
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
CVSS Score
8.3
EPSS Score
0.001
Published
2022-08-29
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-08-29
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-08-29
BigFix Web Reports authorized users may see SMTP credentials in clear text.
CVSS Score
5.0
EPSS Score
0.002
Published
2022-07-19