Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-05-12 | CVE-2021-27768 | Improper Certificate Validation vulnerability in Hcltech Verse | Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. | 5.9 |
2022-05-12 | CVE-2021-27769 | Unspecified vulnerability in Hcltech Sametime 11.6 | Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. | 5.3 |
2022-05-12 | CVE-2021-27770 | Unspecified vulnerability in Hcltech Sametime 11.6 | The vulnerability was discovered within the “FaviconService”. | 8.8 |
2022-05-12 | CVE-2021-27771 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Sametime 11.6 | User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. | 7.6 |
2022-05-12 | CVE-2021-27772 | Unspecified vulnerability in Hcltech Sametime 11.6 | Users are able to read group conversations without actively taking part in them. | 6.5 |
2022-05-12 | CVE-2021-27773 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime 11.6 | This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | 4.3 |
2022-05-12 | CVE-2021-27777 | XXE vulnerability in Hcltech Unica | XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. | 7.5 |
2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory | There is a security vulnerability in the login form related to Cross-Site Request Forgery which prevents a user from logging in after an attacker spams login attempts and the system blocks the victim's account. | 6.5 |
2022-05-06 | CVE-2021-27759 | Insufficient Verification of Data Authenticity vulnerability in Hcltech Bigfix Inventory | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. | 6.5 |
2022-05-06 | CVE-2021-27760 | Unspecified vulnerability in Hcltech HCL Inotes 11.0.0/11.0.1 | An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. | 5.5 |