Hcltech: Security Vulnerabilities

Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-04-24

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2025-04-24

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2025-04-24

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVSS Score: 4.1 | EPSS Score: 0.0 | Published: 2025-04-24

HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
CVSS Score: 2.5 | EPSS Score: 0.001 | Published: 2025-04-17

HCL MyXalytics' SSL/TLS protocol is affected by the BREACH and LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system.
CVSS Score: 2.6 | EPSS Score: 0.0 | Published: 2025-04-17

HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This presents a possibility of man-in-the-middle (MITM) attacks and data exposure; if exploited, this vulnerability could potentially lead to unauthorized access.
CVSS Score: 8.1 | EPSS Score: 0.0 | Published: 2025-04-15

HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2025-04-15

HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-04-15

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS Score: 3.5 | EPSS Score: 0.0 | Published: 2025-04-04

