Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2020-12-01 CVE-2020-4129 Unspecified vulnerability in Hcltech HCL Domino 10.0.1/9.0.1
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service.
network
low complexity
hcltech
5.0
5.0
2020-12-01 CVE-2020-4126 Information Exposure vulnerability in Hcltech HCL Inotes 10.0.1/11.0.0/11.0.1
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability.
network
hcltech CWE-200
4.3
4.3
2020-11-30 CVE-2020-4127 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Domino 10.0.1/9.0.1
HCL Domino is susceptible to a Login CSRF vulnerability.
network
hcltech CWE-352
4.3
4.3
2020-11-21 CVE-2020-14258 Improper Input Validation vulnerability in Hcltech Notes 10.0/11.0/9.0
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input.
network
low complexity
hcltech CWE-20
5.0
5.0
2020-11-21 CVE-2020-14234 Improper Input Validation vulnerability in Hcltech Domino 9.0.1
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server.
network
low complexity
hcltech CWE-20
5.0
5.0
2020-11-21 CVE-2020-14230 Improper Input Validation vulnerability in Hcltech Domino 10.0.1/9.0.1
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input.
network
low complexity
hcltech CWE-20
5.0
5.0
2020-11-05 CVE-2020-4097 Classic Buffer Overflow vulnerability in Hcltech Notes
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow.
local
low complexity
hcltech CWE-120
4.6
4.6
2020-11-05 CVE-2020-14240 Cross-site Scripting vulnerability in Hcltech Notes
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability.
network
hcltech CWE-79
4.3
4.3
2020-11-05 CVE-2020-14222 Cross-site Scripting vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS).
network
hcltech CWE-79
4.3
4.3
2020-10-06 CVE-2019-4326 Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
network
low complexity
hcltech CWE-116
5.0
5.0