Hcltech: Security Vulnerabilities
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
CVSS Score
4.8
EPSS Score
0.001
Published
2022-05-06
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
CVSS Score
4.7
EPSS Score
0.003
Published
2022-05-06
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
CVSS Score
7.4
EPSS Score
0.001
Published
2022-05-06
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
CVSS Score
7.5
EPSS Score
0.001
Published
2022-03-04
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."
CVSS Score
7.5
EPSS Score
0.002
Published
2022-03-04
"Sametime Android PathTraversal Vulnerability"
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-21
"Sametime Android potential path traversal vulnerability when using File class"
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-21
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
CVSS Score
3.9
EPSS Score
0.0
Published
2021-10-25
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
CVSS Score
3.9
EPSS Score
0.001
Published
2021-10-21
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
CVSS Score
6.1
EPSS Score
0.004
Published
2021-02-02