Hcltech: Security Vulnerabilities
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-10-31
User input included in error response, which could be used in a phishing attack.
CVSS Score
3.1
EPSS Score
0.003
Published
2022-09-22
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-15
HCL VersionVault Express exposes administrator credentials.
CVSS Score
6.0
EPSS Score
0.002
Published
2022-08-30
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-08-30
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
CVSS Score
8.3
EPSS Score
0.002
Published
2022-08-29
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-08-29
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-08-29
BigFix Web Reports authorized users may see SMTP credentials in clear text.
CVSS Score
5.0
EPSS Score
0.002
Published
2022-07-19
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
CVSS Score
4.6
EPSS Score
0.003
Published
2022-07-19