HCL Software

All CVEs

380 total · sorted by risk
  • CVE-2020-14222 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

  • CVE-2020-4097 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.00

    In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an…

  • CVE-2020-14240 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting…

  • CVE-2019-4326 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."

  • CVE-2019-4325 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

  • CVE-2020-14223 · Oct 1, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.

  • CVE-2020-4104 · Jul 17, 2020
    risk 0.00 · cvss · epss 0.01

    HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in…

  • CVE-2020-4100 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.00

    "HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded…

  • CVE-2019-4323 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."

  • CVE-2019-4324 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."

  • CVE-2020-4089 · Jun 26, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and…

  • CVE-2020-4101 · Jun 11, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL Digital Experience is susceptible to Server Side Request Forgery."

  • CVE-2020-4380 · Jun 11, 2020
    risk 0.00 · cvss · epss 0.01

    IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2019-4209 · May 1, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.

  • CVE-2019-4327 · Apr 21, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."

  • CVE-2019-4393 · Apr 7, 2020
    risk 0.00 · cvss · epss 0.01

    HCL AppScan Standard is vulnerable to excessive authorization attempts.

  • CVE-2019-4391 · Apr 7, 2020
    risk 0.00 · cvss · epss 0.01

    HCL AppScan Standard is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

  • CVE-2020-4084 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2020-4082 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.01

    The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security…

  • CVE-2020-4083 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.00

    HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.

  • CVE-2019-4301 · Feb 28, 2020
    risk 0.00 · cvss · epss 0.01

    BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML.

  • CVE-2019-4392 · Feb 14, 2020
    risk 0.00 · cvss · epss 0.01

    HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.

  • CVE-2018-14989 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.02

    The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root.20161223.224055) that…

  • CVE-2019-6504 · Feb 6, 2019
    risk 0.00 · cvss · epss 0.02

    Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.

  • CVE-2017-1202 · Feb 5, 2019
    risk 0.00 · cvss · epss 0.01

    IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID:…

  • CVE-2017-1198 · Feb 5, 2019
    risk 0.00 · cvss · epss 0.01

    IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.

  • CVE-2017-1200 · Feb 5, 2019
    risk 0.00 · cvss · epss 0.01

    IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host…

  • CVE-2017-1177 · Feb 5, 2019
    risk 0.00 · cvss · epss 0.01

    IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.

  • CVE-2002-2014 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.

  • CVE-1999-0429 · Mar 1, 1999
    risk 0.00 · cvss · epss 0.01

    The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
