Hcltech: Security Vulnerabilities
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
CVSS Score
3.7
EPSS Score
0.003
Published
2024-07-19
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
CVSS Score
4.7
EPSS Score
0.005
Published
2024-07-18
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-18
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
CVSS Score
5.3
EPSS Score
0.009
Published
2024-07-08
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-05
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.
CVSS Score
3.3
EPSS Score
0.004
Published
2024-06-28
HCL DRYiCE
AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which
can cause the system to behave in unexpected ways.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-06-28
HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities.
CVSS Score
3.3
EPSS Score
0.004
Published
2024-06-28
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-06-28
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
CVSS Score
5.4
EPSS Score
0.011
Published
2024-06-25