Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  Security Vulnerabilities
CVE-2024-42190
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-30
CVE-2024-42191
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-30
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-05
CVE-2024-42213
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-05-05
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-30
CVE-2023-45721
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-30
CVE-2024-30115
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-30
CVE-2024-30145
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-30
CVE-2024-30146
Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-04-30
CVE-2022-42450
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-04-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved