Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2019-4091 Cross-site Scripting vulnerability in Hcltech Marketing Campaign 9.1.2.4
HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system.
3.5
2020-07-17 CVE-2019-4090 Cross-site Scripting vulnerability in Hcltech Marketing Campaign 11.0.1
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
3.5
2020-07-16 CVE-2020-4095 Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform
BigFix Platform is storing clear text credentials within the system's memory.
local
low complexity
hcltech CWE-522
2.1
2020-07-07 CVE-2019-4324 Cross-site Scripting vulnerability in Hcltech Appscan 10.0.0/9.0.3.14
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
4.3
2020-07-07 CVE-2019-4323 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Appscan 10.0.0/9.0.3.14
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
4.3
2020-07-01 CVE-2017-1712 Inadequate Encryption Strength vulnerability in Hcltech Domino
A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack.
4.3
2020-06-26 CVE-2020-4089 Information Exposure vulnerability in Hcltech Notes 10.0/11.0/9.0
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol.
network
hcltech CWE-200
4.3
2020-06-11 CVE-2020-4101 Server-Side Request Forgery (SSRF) vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5
"HCL Digital Experience is susceptible to Server Side Request Forgery."
network
low complexity
hcltech CWE-918
7.5
2020-05-06 CVE-2020-4092 Cleartext Transmission of Sensitive Information vulnerability in Hcltech HCL Nomad
If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server.
network
low complexity
hcltech CWE-319
5.0
2020-05-01 CVE-2019-4209 Open Redirect vulnerability in Hcltech Connections 5.5/6.0/6.5
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
network
hcltech CWE-601
5.8