Hcltech: Security Vulnerabilities
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
CVSS Score
4.6
EPSS Score
0.002
Published
2022-06-09
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-06-01
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-05-27
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVSS Score
6.6
EPSS Score
0.002
Published
2022-05-27
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-05-25
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-05-25
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-05-19
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.
CVSS Score
4.2
EPSS Score
0.001
Published
2022-05-12
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-12
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-05-12