Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-38654 Unspecified vulnerability in Hcltech Domino
HCL Domino is susceptible to an information disclosure vulnerability.
local
low complexity
hcltech
5.5
2022-11-04 CVE-2022-38660 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Domino 9.0/9.0.1
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability.
network
low complexity
hcltech CWE-352
8.8
2022-11-01 CVE-2020-4099 Inadequate Encryption Strength vulnerability in Hcltech Verse 12.0.9
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures.
network
low complexity
hcltech CWE-326
7.5
2022-10-31 CVE-2021-27784 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech HCL Launch Container Image 7.1.0.1
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key.
network
low complexity
hcltech CWE-327
7.5
2022-06-09 CVE-2021-27786 Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner.
network
hcltech CWE-697
6.8
2022-06-01 CVE-2021-27778 Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.
network
hcltech CWE-79
3.5
2022-05-27 CVE-2021-27780 Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
network
low complexity
hcltech
5.0
2022-05-27 CVE-2021-27781 Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
network
hcltech CWE-79
3.5
2022-05-25 CVE-2021-27779 Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
network
low complexity
hcltech CWE-311
6.4
2022-05-25 CVE-2021-27783 Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
network
low complexity
hcltech CWE-311
4.0