VYPR Vendor CVEs: HCL Software

All CVEs (380 total, sorted by risk)
  • CVE-2022-42445 (Nov 28, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

  • CVE-2022-38661 (Nov 4, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash.

  • CVE-2022-38660 (Nov 4, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

  • CVE-2020-4099 (Nov 1, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

  • CVE-2021-27784 (Oct 31, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.

  • CVE-2021-27774 (Sep 22, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    User input included in error response, which could be used in a phishing attack.

  • CVE-2022-27563 (Aug 30, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.

  • CVE-2022-27560 (Aug 30, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL VersionVault Express exposes administrator credentials.

  • CVE-2022-27558 (Aug 29, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.

  • CVE-2022-27547 (Aug 29, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.

  • CVE-2022-27546 (Aug 29, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a…

  • CVE-2022-22369 (Aug 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.

  • CVE-2022-36831 (Aug 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.

  • CVE-2022-27551 (Aug 3, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.

  • CVE-2021-27785 (Jul 29, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.

  • CVE-2022-27545 (Jul 19, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.

  • CVE-2022-27544 (Jul 19, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    BigFix Web Reports authorized users may see SMTP credentials in clear text.

  • CVE-2022-27549 (Jul 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Launch may store certain data for recurring activities in a plain text format.

  • CVE-2022-27548 (Jul 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Launch stores user credentials in plain clear text which can be read by a local user.

  • CVE-2021-27781 (May 27, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.

  • CVE-2021-27780 (May 27, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

  • CVE-2021-27783 (May 25, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.

  • CVE-2021-27779 (May 25, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.

  • CVE-2021-27777 (May 12, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.

  • CVE-2021-27770 (May 12, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will…

  • CVE-2021-27768 (May 12, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in…

  • CVE-2021-27767 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying…

  • CVE-2021-27766 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying…

  • CVE-2021-27765 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying…

  • CVE-2021-27764 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)

  • CVE-2021-27762 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses.

  • CVE-2021-27761 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks.

  • CVE-2021-27760 (May 6, 2022)
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.

  • CVE-2021-27753 (Feb 21, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Sametime Android PathTraversal Vulnerability

  • CVE-2021-27741 (Aug 13, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection

  • CVE-2021-25405 (Jun 11, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

  • CVE-2020-14246 (Feb 4, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.

  • CVE-2020-14247 (Feb 4, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.

  • CVE-2020-14245 (Feb 4, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.

  • CVE-2020-4081 (Feb 2, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).

  • CVE-2020-14255 (Feb 2, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.

  • CVE-2020-14221 (Feb 2, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.

  • CVE-2020-4674 (Jan 12, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.

  • CVE-2020-4673 (Jan 12, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.

  • CVE-2020-14270 (Dec 22, 2020)
    risk 0.00 · cvss n/a · epss 0.01

    HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.

  • CVE-2020-14224 (Dec 18, 2020)
    risk 0.00 · cvss n/a · epss 0.02

    A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which…

  • CVE-2020-14232 (Dec 17, 2020)
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the…

  • CVE-2020-14268 (Dec 14, 2020)
    risk 0.00 · cvss n/a · epss 0.02

    A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which…

  • CVE-2020-4102 (Dec 2, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.

  • CVE-2020-14258 (Nov 21, 2020)
    risk 0.00 · cvss n/a · epss 0.01

    HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.

Page 7 of 8