Hcltech: Security Vulnerabilities
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVSS Score
3.0
EPSS Score
0.001
Published
2023-06-23
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-06-22
A Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.
CVSS Score
3.1
EPSS Score
0.002
Published
2023-06-22
A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.
CVSS Score
2.4
EPSS Score
0.0
Published
2023-06-22
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-04-26
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-26
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
CVSS Score
9.6
EPSS Score
0.006
Published
2023-04-02
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
CVSS Score
8.3
EPSS Score
0.001
Published
2023-03-10
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-02-12
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-20

