Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2021-27786 Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner.
network
hcltech CWE-697
6.8
2022-06-01 CVE-2021-27778 Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.
network
hcltech CWE-79
3.5
2022-05-27 CVE-2021-27780 Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
network
low complexity
hcltech
5.0
2022-05-27 CVE-2021-27781 Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
network
hcltech CWE-79
3.5
2022-05-25 CVE-2021-27779 Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
network
low complexity
hcltech CWE-311
6.4
2022-05-25 CVE-2021-27783 Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
network
low complexity
hcltech CWE-311
4.0
2022-05-19 CVE-2020-4107 Unspecified vulnerability in Hcltech Domino 10.0/11.0/9.0
HCL Domino is affected by an Insufficient Access Control vulnerability.
local
low complexity
hcltech
4.6
2022-05-12 CVE-2021-27768 Improper Certificate Validation vulnerability in Hcltech Verse
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted.
network
hcltech CWE-295
4.3
2022-05-12 CVE-2021-27769 Exposure of Resource to Wrong Sphere vulnerability in Hcltech Sametime 11.6
Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system.
network
low complexity
hcltech CWE-668
5.0
2022-05-12 CVE-2021-27770 Exposure of Resource to Wrong Sphere vulnerability in Hcltech Sametime 11.6
The vulnerability was discovered within the “FaviconService”.
network
hcltech CWE-668
6.8