Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-14273 Improper Input Validation vulnerability in Hcltech Domino 10.0.1/11.0.0/11.0.1
HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API.
network
low complexity
hcltech CWE-20
5.0
2020-12-22 CVE-2020-14270 Information Exposure Through AN Error Message vulnerability in Hcltech Domino
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input.
network
low complexity
hcltech CWE-209
5.0
2020-12-21 CVE-2020-14225 HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content.
network
hcltech hcltechsw
4.3
2020-12-18 CVE-2020-14271 Cross-Site Scripting vulnerability in Hcltech HCL Inotes 10.0.1/11.0.0/11.0.1
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content.
network
hcltech CWE-79
4.3
2020-12-18 CVE-2020-14224 Out-Of-Bounds Write vulnerability in Hcltech Notes 9.0/9.0.1
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.
network
low complexity
hcltech CWE-787
critical
10.0
2020-12-18 CVE-2020-4080 Cross-Site Scripting vulnerability in Hcltech Domino
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content.
network
hcltech CWE-79
4.3
2020-12-18 CVE-2020-14232 Unspecified vulnerability in Hcltech Notes 9.0/9.0.1
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.
network
low complexity
hcltech
critical
9.0
2020-12-16 CVE-2020-14254 Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Platform
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2.
network
hcltech CWE-311
4.3
2020-12-16 CVE-2020-14248 Cleartext Transmission of Sensitive Information vulnerability in Hcltech Bigfix Platform
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
network
low complexity
hcltech CWE-319
5.0
2020-12-14 CVE-2020-14268 Out-Of-Bounds Write vulnerability in Hcltech Notes
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.
network
low complexity
hcltech CWE-787
critical
10.0