Hcltech: Security Vulnerabilities
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
CVSS Score
6.1
EPSS Score
0.004
Published
2021-02-02
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-02-02
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-02-02
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-12-28
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-12-22
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2020-12-21
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-12-18
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVSS Score
6.1
EPSS Score
0.008
Published
2020-12-18
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVSS Score
6.1
EPSS Score
0.008
Published
2020-12-18
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-12-18