Hcltech: Security Vulnerabilities
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.
CVSS Score: 5.8
EPSS Score: 0.001
Published: 2023-10-23
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
CVSS Score: 8.1
EPSS Score: 0.001
Published: 2023-10-19
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2023-10-19
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
CVSS Score: 9.0
EPSS Score: 0.001
Published: 2023-10-18
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-10-17
HCL Digital Experience is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
CVSS Score: 9.3
EPSS Score: 0.002
Published: 2023-10-11
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bounds access via an HTTP request.
CVSS Score: 8.2
EPSS Score: 0.01
Published: 2023-10-11
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-10-11
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-10-11
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.
CVSS Score: 4.6
EPSS Score: 0.0
Published: 2023-10-11

