Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-27767 | Improper Privilege Management vulnerability in Hcltech Bigfix Platform The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. | 7.8 |
| 2022-03-04 | CVE-2021-27756 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix Compliance 2.0/2.0.5 "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. | 7.5 |
| 2022-03-04 | CVE-2021-27757 | Cleartext Storage of Sensitive Information vulnerability in Hcltech Bigfix Insights 10.0 " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | 7.5 |
| 2022-02-21 | CVE-2021-27753 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android PathTraversal Vulnerability" | 5.5 |
| 2022-02-21 | CVE-2021-27755 | Path Traversal vulnerability in Hcltech HCL Sametime "Sametime Android potential path traversal vulnerability when using File class" | 5.5 |
| 2021-10-25 | CVE-2020-14264 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Traveler Companion "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 3.9 |
| 2021-10-21 | CVE-2020-14263 | Incorrect Permission Assignment for Critical Resource vulnerability in Hcltech Traveler Companion "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 3.9 |
| 2021-02-02 | CVE-2020-4081 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS). | 6.1 |
| 2021-02-02 | CVE-2020-14255 | Unspecified vulnerability in Hcltech Digital Experience 9.5 HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. | 7.5 |
| 2021-02-02 | CVE-2020-14221 | Unspecified vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | 4.9 |