Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-27764 | Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Bigfix Webui Cookie without HTTPONLY flag set. | 6.5 |
| 2022-05-06 | CVE-2021-27765 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 4.6 |
| 2022-05-06 | CVE-2021-27766 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 4.6 |
| 2022-05-06 | CVE-2021-27767 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 4.6 |
| 2022-03-04 | CVE-2021-27756 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix Compliance 2.0/2.0.5 "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. | 4.3 |
| 2022-03-04 | CVE-2021-27757 | Cleartext Storage of Sensitive Information vulnerability in Hcltech Bigfix Insights 10.0 " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | 5.0 |
| 2022-02-21 | CVE-2021-27753 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android PathTraversal Vulnerability" | 2.1 |
| 2022-02-21 | CVE-2021-27755 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android potential path traversal vulnerability when using File class" | 2.1 |
| 2021-10-25 | CVE-2020-14264 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Traveler Companion 11.0.5/11.0.6/11.0.7 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 2.1 |
| 2021-10-21 | CVE-2020-14263 | Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Traveler Companion 11.0.5/11.0.6/11.0.7 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 2.1 |