Vendor CVEs
HCL Software
All CVEs
380 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42012 | 0.00 | — | 0.00 | Dec 19, 2023 | An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | |||
| CVE-2023-28022 | 0.00 | — | 0.01 | Dec 15, 2023 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||
| CVE-2023-28017 | 0.00 | — | 0.00 | Dec 7, 2023 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the… | |||
| CVE-2023-37533 | 0.00 | — | 0.00 | Nov 8, 2023 | HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow… | |||
| CVE-2023-37503 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||
| CVE-2023-37504 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the… | |||
| CVE-2023-37502 | 0.00 | — | 0.00 | Oct 18, 2023 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||
| CVE-2023-37537 | 0.00 | — | 0.00 | Oct 17, 2023 | An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||
| CVE-2023-37538 | 0.00 | — | 0.00 | Oct 11, 2023 | HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||
| CVE-2023-37536 | 0.00 | — | 0.01 | Oct 11, 2023 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | |||
| CVE-2022-44757 | 0.00 | — | 0.00 | Oct 11, 2023 | BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||
| CVE-2022-44758 | 0.00 | — | 0.00 | Oct 11, 2023 | BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | |||
| CVE-2023-39955 | 0.00 | — | 0.00 | Aug 10, 2023 | Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version… | |||
| CVE-2023-23347 | 0.00 | — | 0.00 | Aug 9, 2023 | HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||
| CVE-2023-23346 | 0.00 | — | 0.00 | Aug 9, 2023 | HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | |||
| CVE-2023-37500 | 0.00 | — | 0.00 | Aug 3, 2023 | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||
| CVE-2023-37499 | 0.00 | — | 0.00 | Aug 3, 2023 | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||
| CVE-2023-37498 | 0.00 | — | 0.00 | Aug 3, 2023 | A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | |||
| CVE-2023-37497 | 0.00 | — | 0.00 | Aug 3, 2023 | The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | |||
| CVE-2023-28014 | 0.00 | — | 0.00 | Jul 26, 2023 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | |||
| CVE-2023-28012 | 0.00 | — | 0.01 | Jul 26, 2023 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | |||
| CVE-2023-28023 | 0.00 | — | 0.00 | Jul 18, 2023 | A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | |||
| CVE-2023-28021 | 0.00 | — | 0.00 | Jul 18, 2023 | The BigFix WebUI uses weak cipher suites. | |||
| CVE-2023-28020 | 0.00 | — | 0.00 | Jul 18, 2023 | URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||
| CVE-2023-28019 | 0.00 | — | 0.00 | Jul 18, 2023 | Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | |||
| CVE-2023-23348 | 0.00 | — | 0.00 | Jul 10, 2023 | HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||
| CVE-2023-23344 | 0.00 | — | 0.00 | Jun 23, 2023 | A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||
| CVE-2023-28016 | 0.00 | — | 0.00 | Jun 22, 2023 | Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | |||
| CVE-2023-28006 | 0.00 | — | 0.00 | Jun 22, 2023 | The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | |||
| CVE-2023-23343 | 0.00 | — | 0.00 | Jun 22, 2023 | A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | |||
| CVE-2023-28015 | 0.00 | — | 0.00 | May 23, 2023 | The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a… | |||
| CVE-2023-28009 | 0.00 | — | 0.01 | Apr 26, 2023 | HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||
| CVE-2023-28008 | 0.00 | — | 0.01 | Apr 26, 2023 | HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||
| CVE-2022-42452 | 0.00 | — | 0.00 | Mar 30, 2023 | HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. | |||
| CVE-2022-42447 | 0.00 | — | 0.00 | Mar 27, 2023 | HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | |||
| CVE-2021-27782 | 0.00 | — | 0.00 | Jan 19, 2023 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||
| CVE-2022-38655 | 0.00 | — | 0.00 | Dec 20, 2022 | BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | |||
| CVE-2022-44756 | 0.00 | — | 0.00 | Dec 19, 2022 | Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | |||
| CVE-2022-42454 | 0.00 | — | 0.00 | Dec 19, 2022 | Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||
| CVE-2022-42453 | 0.00 | — | 0.00 | Dec 17, 2022 | There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. | |||
| CVE-2022-38659 | 0.00 | — | 0.00 | Dec 17, 2022 | In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | |||
| CVE-2022-44754 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… | |||
| CVE-2022-44752 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to… | |||
| CVE-2022-44750 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… | |||
| CVE-2022-44755 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… | |||
| CVE-2022-44753 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to… | |||
| CVE-2022-44751 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… | |||
| CVE-2022-38653 | 0.00 | — | 0.00 | Dec 15, 2022 | In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | |||
| CVE-2022-38662 | 0.00 | — | 0.00 | Dec 15, 2022 | In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | |||
| CVE-2022-42446 | 0.00 | — | 0.00 | Nov 30, 2022 | Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. |