Hcltech: Security Vulnerabilities
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system."
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-07-17
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-07-17
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
CVSS Score: 6.0
EPSS Score: 0.0
Published: 2020-07-16
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2020-07-07
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-07-07
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
CVSS Score: 5.9
EPSS Score: 0.002
Published: 2020-07-01
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2020-06-26
"HCL Digital Experience is susceptible to Server Side Request Forgery."
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-06-11
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content."
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2020-05-06
HCL Connections v5.5, v6.0, and v6.5 contain an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-05-01

