VYPR

Vendor CVEs · HCL Software · All CVEs

380 total · sorted by risk
  • CVE-2024-30150 · Feb 25, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks from unauthenticated users.

  • CVE-2024-23563 · Feb 12, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

  • CVE-2024-42207 · Feb 5, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session.

  • CVE-2024-22349 · Jan 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2024-22347 · Jan 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-22348 · Jan 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

  • CVE-2024-42181 · Jan 12, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2024-42180 · Jan 12, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

  • CVE-2024-42179 · Jan 12, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a sensitive information disclosure vulnerability. The HTTP response header exposes Microsoft-HTTPAPI/2.0 as the server's name and version.

  • CVE-2024-42175 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.

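The two MyXalytics entries above (CVE-2024-42180 on file upload, CVE-2024-42175 on input validation) list the exact tricks an upload validator has to refuse: wrong content types, double extensions, null bytes, special characters and unbounded length. The Python check below is an added example written for this page, not HCL code or anything taken from the advisories; the allowed-type table, the size and name limits and the sample payloads are all constructed for illustration.

```python
import os
import re

# Constructed allowlist: extension -> (leading magic bytes, expected MIME type).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "pdf": (b"%PDF-", "application/pdf"),
}
MAX_NAME_LEN = 64                 # assumed limit; the advisory only says "no length validation"
MAX_BODY_BYTES = 5 * 1024 * 1024  # assumed limit
# One run of safe characters, exactly one dot, one extension:
# rejects "a.php.png" (double extension), "a b.png" and "a;b.png" (special characters).
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,200}\.[a-z0-9]{1,8}$")


def validate_upload(filename, declared_type, body):
    """Return (ok, reason). Each branch names the trick from the advisories it blocks."""
    if not filename or len(filename) > MAX_NAME_LEN:
        return False, "name length"
    if "\x00" in filename or "\x00" in declared_type:
        return False, "null byte"
    # Any path separator means the client is trying to steer where the file lands.
    if os.path.basename(filename.replace("\\", "/")) != filename:
        return False, "path component"
    if not SAFE_NAME.match(filename):
        return False, "special chars or double extension"
    ext = filename.rsplit(".", 1)[1]
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    magic, mime = ALLOWED_TYPES[ext]
    # The client-declared Content-Type must agree with the extension...
    if declared_type.split(";", 1)[0].strip().lower() != mime:
        return False, "content type mismatch"
    if len(body) > MAX_BODY_BYTES:
        return False, "too large"
    # ...and so must the bytes actually uploaded; the declared type alone proves nothing.
    if not body.startswith(magic):
        return False, "body does not match extension"
    return True, "ok"


# Constructed sample uploads: one genuine PNG header, then the abuse cases from the advisory.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = {
    "photo.png": ("image/png", PNG),
    "shell.php.png": ("image/png", PNG),                  # double extension
    "shell.php\x00.png": ("image/png", PNG),              # null byte
    "../../etc/cron.d/job.png": ("image/png", PNG),       # path traversal
    "photo.png?": ("image/png", PNG),                     # special character
    "webshell.png": ("image/png", b"<?php system($_GET['c']); ?>"),  # body lies
    "notes.pdf": ("image/png", b"%PDF-1.7 ..."),          # declared type disagrees
}


def run_samples():
    """Map each constructed filename to the validator's verdict."""
    return {name: validate_upload(name, ctype, body) for name, (ctype, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name!r:32} -> {verdict}")
```

The order of the checks matters: the null-byte and path tests run before the regular expression so that a rejection names the actual trick, and the magic-byte test runs last because it is the only check that looks at the body, which is what a server that trusts Content-Type skips. Store accepted files under a server-generated name outside the web root; the original filename should only ever be metadata.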
  • CVE-2024-42174 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames.

  • CVE-2024-42173 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.

  • CVE-2024-42172 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can…

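The three MyXalytics authentication entries above (CVE-2024-42174 username enumeration, CVE-2024-42173 weak password policy and no lockout, CVE-2024-42172 broken authentication) are the usual trio fixed in one login handler. The Python class below is an added example for this page and not HCL code: the password rule, the lockout threshold and duration, and the PBKDF2 work factor are assumed values. It returns the same plain failure for an unknown user, a wrong password and a locked account, spends the same key-derivation work on unknown users so timing does not distinguish them, and enforces the policy at registration.

```python
import hashlib
import hmac
import os
import re
import time


class AuthStore:
    """In-memory user store (constructed for the example; not HCL code)."""

    MAX_FAILURES = 5            # assumed lockout threshold
    LOCKOUT_SECONDS = 15 * 60   # assumed lockout duration
    PBKDF2_ROUNDS = 100_000     # assumed work factor
    # Assumed policy: 12+ characters with lower, upper, digit and symbol.
    PASSWORD_RULE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{12,}$")

    def __init__(self):
        self.users = {}      # username -> (salt, derived key)
        self.failures = {}   # username -> (failure count, locked_until in epoch seconds)
        # Verifying a password for an unknown user runs the same PBKDF2 work
        # against this dummy key, so response time does not reveal which names exist.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = self._derive(self._dummy_salt, "not-a-real-password")

    @classmethod
    def _derive(cls, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, cls.PBKDF2_ROUNDS)

    def register(self, username, password):
        """Enforce the password policy at creation; return False if it fails."""
        if not self.PASSWORD_RULE.match(password):
            return False
        salt = os.urandom(16)
        self.users[username] = (salt, self._derive(salt, password))
        return True

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        return self.failures.get(username, (0, 0.0))[1] > now

    def login(self, username, password, now=None):
        """Return True only on success. Every failure returns the same False:
        unknown user, wrong password and locked account are indistinguishable."""
        now = time.time() if now is None else now
        if self.is_locked(username, now):
            return False
        record = self.users.get(username)
        if record is None:
            # Same cost as a real comparison; the result is discarded.
            hmac.compare_digest(self._derive(self._dummy_salt, password), self._dummy_key)
            ok = False
        else:
            salt, key = record
            ok = hmac.compare_digest(self._derive(salt, password), key)
        if ok:
            self.failures.pop(username, None)
            return True
        count = self.failures.get(username, (0, 0.0))[0] + 1
        locked_until = now + self.LOCKOUT_SECONDS if count >= self.MAX_FAILURES else 0.0
        self.failures[username] = (count, locked_until)
        return False


if __name__ == "__main__":
    store = AuthStore()
    print("register weak:", store.register("alice", "password"))
    print("register ok:", store.register("alice", "Correct-Horse-9x"))
    print("login ok:", store.login("alice", "Correct-Horse-9x"))
    print("login unknown user:", store.login("mallory", "Correct-Horse-9x"))
```

Two caveats a practitioner would add: the failure table grows with every username an attacker tries, so cap it or key a second limiter on source address, and a per-account lockout is itself a denial-of-service lever against known accounts, which is why many deployments pair a short lockout with a CAPTCHA or step-up factor rather than a long one. The registration and password-reset paths must return the same generic message as login, or enumeration simply moves there.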
  • CVE-2024-42171 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

  • CVE-2024-42170 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

  • CVE-2024-42169 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.

  • CVE-2024-42168 · Jan 11, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

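The out-of-band resource load in CVE-2024-42168 above and the SSRF potential noted for MyCloud in CVE-2024-30150 both come down to the server fetching a URL the client chose. The Python gate below is an added example for this page, not HCL code and not derived from either advisory; the allowlisted hostnames, scheme and ports are assumed. It refuses anything that is not an allowlisted name over HTTPS, and a second function checks the addresses that name resolves to, since the resolution is where metadata endpoints and internal ranges usually sneak back in.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of names the server is permitted to fetch from.
ALLOWED_HOSTS = {"assets.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}


def ip_is_public(text):
    """True/False for an IP literal, None if `text` is not an IP literal."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
                or ip.is_reserved or ip.is_unspecified)


def check_fetch_url(url):
    """Return (ok, reason) before the server fetches a user-supplied URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo"          # https://assets.example.com@evil.example/
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port                 # raises ValueError on a non-numeric port
    except ValueError:
        return False, "port"
    if port not in ALLOWED_PORTS:
        return False, "port"
    public = ip_is_public(host)
    if public is False:
        return False, "private address"   # 127.0.0.1, 10/8, 169.254.169.254, ::1 ...
    if public is True:
        return False, "ip literal"        # only allowlisted names, never raw addresses
    if host.lower().rstrip(".") not in ALLOWED_HOSTS:
        return False, "host not allowlisted"
    return True, "ok"


def resolved_addresses_ok(addresses):
    """Second gate: after resolving an allowlisted name, every address it maps to
    must be public. Connect to the checked address rather than resolving the name
    again, or a DNS rebinding answer can swap in an internal address."""
    return bool(addresses) and all(ip_is_public(a) is True for a in addresses)


if __name__ == "__main__":
    for candidate in ("https://assets.example.com/logo.png",
                      "https://169.254.169.254/latest/meta-data/",
                      "https://assets.example.com@evil.example/"):
        print(candidate, check_fetch_url(candidate))
```

Redirects bypass both gates unless the client follows them manually and re-runs the checks on every hop, so disable automatic redirects in the HTTP client. Even a fully allowlisted fetch should still run with a short timeout and a response-size cap, which is the denial-of-service half of the MyCloud entry.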
  • CVE-2024-42196 · Dec 6, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

  • CVE-2024-42195 · Dec 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

  • CVE-2024-42188 · Nov 14, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.

  • CVE-2024-30133 · Nov 12, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

  • CVE-2024-30142 · Nov 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

  • CVE-2024-30141 · Nov 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.

  • CVE-2024-30140 · Nov 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL BigFix Compliance is affected by unvalidated redirects and forwards. An attacker can manipulate the Host header; the resulting response can poison the web cache and is then served back to other users requesting the page.

  • CVE-2024-30106 · Oct 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.

  • CVE-2024-30117 · Oct 14, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

  • CVE-2024-30118 · Oct 9, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.

  • CVE-2024-30132 · Oct 1, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2024-23586 · Sep 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.

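The session fixation entries above (CVE-2024-42207 for iAutomate, CVE-2024-42171 and CVE-2024-42170 for MyXalytics) and the insufficient session expiration in CVE-2024-23586 for Nomad are two sides of one session table. The Python store below is an added example for this page and not code from any of those products; the idle and absolute timeouts are assumed values. It shows the fixation-prone login that promotes whatever id the client arrived with beside the fixed one that discards it and issues a fresh id, and it expires and invalidates ids on the server rather than trusting the client to forget them.

```python
import secrets
import time


class SessionStore:
    """In-memory session table (constructed example; not HCL product code)."""

    IDLE_TIMEOUT = 15 * 60          # assumed
    ABSOLUTE_TIMEOUT = 8 * 60 * 60  # assumed

    def __init__(self):
        self._sessions = {}  # sid -> {"user", "created", "last_seen"}

    def _new(self, user, now):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def start_anonymous(self, now=None):
        return self._new(None, time.time() if now is None else now)

    def login_fixation_prone(self, presented_sid, username, now=None):
        """The flaw the entries describe: whatever id the client arrived with,
        possibly planted by an attacker through a crafted URL, is simply promoted."""
        now = time.time() if now is None else now
        rec = self._sessions.setdefault(presented_sid,
                                        {"user": None, "created": now, "last_seen": now})
        rec["user"] = username
        return presented_sid

    def login(self, presented_sid, username, now=None):
        """Fixed: drop the pre-authentication session and issue a fresh id."""
        now = time.time() if now is None else now
        self._sessions.pop(presented_sid, None)
        return self._new(username, now)

    def user_for(self, sid, now=None):
        """Resolve a session id; expire it on idle or absolute timeout."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if (now - rec["last_seen"] > self.IDLE_TIMEOUT
                or now - rec["created"] > self.ABSOLUTE_TIMEOUT):
            del self._sessions[sid]
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, sid):
        """Server-side invalidation; clearing the cookie alone leaves the id usable."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    planted = "sid-chosen-by-attacker"
    weak, fixed = SessionStore(), SessionStore()
    weak.login_fixation_prone(planted, "victim", now=0)
    print("vulnerable store, planted id resolves to:", weak.user_for(planted, now=1))
    fresh = fixed.login(planted, "victim", now=0)
    print("fixed store, planted id resolves to:", fixed.user_for(planted, now=1))
    print("fixed store, fresh id resolves to:", fixed.user_for(fresh, now=1))
```

The same rotation belongs at every privilege change, not only at login, and the id must only ever travel in a cookie marked Secure and HttpOnly, never in a URL, because an id in a URL is exactly what the crafted-link attack in the MyXalytics entries needs.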
  • CVE-2024-30134 · Sep 26, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.

  • CVE-2024-30128 · Sep 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.

  • CVE-2024-34656 · Sep 4, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

  • CVE-2024-34634 · Aug 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

  • CVE-2024-34633 · Aug 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

  • CVE-2024-34632 · Aug 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

  • CVE-2024-34622 · Aug 7, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.

  • CVE-2024-30130 · Jul 19, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Nomad server on Domino is vulnerable to caching of sensitive information, which could give an attacker the ability to acquire that information.

  • CVE-2024-30126 · Jul 18, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.

  • CVE-2024-30125 · Jul 18, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.

  • CVE-2024-23562 · Jul 8, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.

  • CVE-2024-23588 · Jul 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.

  • CVE-2024-30135 · Jun 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.

  • CVE-2024-30111 · Jun 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially…

  • CVE-2024-30110 · Jun 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways.

  • CVE-2024-30109 · Jun 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

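Several entries on this page are the same class of finding, a response that is missing a header or carries the wrong one: the cookie without Secure (CVE-2024-30142), the missing X-Frame-Options and clickjacking exposure (CVE-2024-30126, CVE-2024-30109), the Nomad security headers not set by default (CVE-2024-30132), cleartext transport (CVE-2024-42181), the Server banner (CVE-2024-42179), CORS not limited to trusted origins (CVE-2024-22348) and the unvalidated Host header (CVE-2024-30140). The audit function below is an added example for this page, not HCL code or anything from the advisories, that checks one captured response for all of them; the trusted origin and host allowlists and both sample responses are constructed.

```python
# Constructed allowlists for the deployment being audited.
TRUSTED_ORIGINS = {"https://app.example.com"}
TRUSTED_HOSTS = {"app.example.com"}


def audit_response(headers, request_host=None):
    """headers: list of (name, value) pairs exactly as the server sent them.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    single = {}
    set_cookies = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            set_cookies.append(value)     # may repeat; never collapse it into a dict
        else:
            single[name.lower()] = value

    # Cookie attributes (missing Secure flag).
    for cookie in set_cookies:
        attrs = [a.strip().lower() for a in cookie.split(";")]
        cname = attrs[0].split("=", 1)[0]
        for needed in ("secure", "httponly"):
            if needed not in attrs[1:]:
                findings.append(f"cookie {cname}: missing {needed}")
        if not any(a.startswith("samesite=") for a in attrs[1:]):
            findings.append(f"cookie {cname}: missing samesite")

    # Transport and framing headers (cleartext transmission, clickjacking).
    if "strict-transport-security" not in single:
        findings.append("missing strict-transport-security")
    xfo = single.get("x-frame-options", "").strip().upper()
    csp = single.get("content-security-policy", "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("framable: no x-frame-options and no csp frame-ancestors")
    if single.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing x-content-type-options: nosniff")

    # Server banner carrying a version number.
    server = single.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append(f"server header leaks version: {server}")

    # CORS origin not limited to trusted domains.
    acao = single.get("access-control-allow-origin")
    creds = single.get("access-control-allow-credentials", "").strip().lower() == "true"
    if acao == "*" and creds:
        findings.append("cors: wildcard origin with credentials")
    elif acao and acao != "*" and acao not in TRUSTED_ORIGINS:
        findings.append(f"cors: untrusted origin allowed: {acao}")

    # Host header outside the allowlist: the application must not build
    # redirect targets or cache keys from it.
    if request_host is not None and request_host.split(":", 1)[0].lower() not in TRUSTED_HOSTS:
        findings.append(f"host header not in allowlist: {request_host}")
    return findings


# Constructed sample responses: one with the weaknesses the entries describe, one hardened.
WEAK_RESPONSE = [
    ("Server", "Microsoft-HTTPAPI/2.0"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
    ("Access-Control-Allow-Origin", "https://evil.example"),
    ("Access-Control-Allow-Credentials", "true"),
]
HARDENED_RESPONSE = [
    ("Server", "nginx"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "DENY"),
    ("Content-Security-Policy", "frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Access-Control-Allow-Origin", "https://app.example.com"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp, request_host="app.example.com"))
```

Run it over a capture of every distinct endpoint, not just the landing page: error pages and API responses are the ones most often emitted by a different code path with no headers at all. The Server check is deliberately a heuristic (any digit in the banner), which is enough to catch the http.sys string from the MyXalytics entry without a product database.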
  • CVE-2024-30112 · Jun 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based…

  • CVE-2023-37541 · Jun 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.

  • CVE-2024-37317 · Jun 14, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder to store the personal notes. It is recommended that the…

  • CVE-2023-37539 · Jun 6, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated…

  • CVE-2024-23556 · May 17, 2024
    risk 0.00 · cvss n/a · epss 0.00

    SSL/TLS renegotiation functionality potentially leading to a denial-of-service (DoS) attack.

Page 4 of 8