Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2021-27770 | Unspecified vulnerability in Hcltech Sametime 11.6 The vulnerability was discovered within the “FaviconService”. | 8.8 |
| 2022-05-12 | CVE-2021-27771 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Sametime 11.6 User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. | 6.5 |
| 2022-05-12 | CVE-2021-27772 | Unspecified vulnerability in Hcltech Sametime 11.6 Users are able to read group conversations without actively taking part in them. | 4.0 |
| 2022-05-12 | CVE-2021-27773 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime 11.6 This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | 4.3 |
| 2022-05-12 | CVE-2021-27777 | XXE vulnerability in Hcltech Unica XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. | 5.0 |
| 2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | 4.3 |
| 2022-05-06 | CVE-2021-27759 | Insufficient Verification of Data Authenticity vulnerability in Hcltech Bigfix Inventory This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. | 4.3 |
| 2022-05-06 | CVE-2021-27760 | Unspecified vulnerability in Hcltech HCL Inotes 11.0.0/11.0.1 An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. network hcltech | 6.0 |
| 2022-05-06 | CVE-2021-27761 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | 5.0 |
| 2022-05-06 | CVE-2021-27762 | Unspecified vulnerability in Hcltech Bigfix Platform Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | 7.5 |