Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-06 | CVE-2019-4325 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Appscan 10.0.0/10.0.1/9.0.3.14: HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details. | 5.0 |
2020-10-01 | CVE-2020-14223 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5: HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). | 4.3 |
2020-07-17 | CVE-2020-4104 | Cross-site Scripting vulnerability in Hcltech Bigfix Webui: HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. | 3.5 |
2020-07-17 | CVE-2019-4091 | Cross-site Scripting vulnerability in Hcltech Marketing Campaign 9.1.2.4: HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. | 3.5 |
2020-07-17 | CVE-2019-4090 | Cross-site Scripting vulnerability in Hcltech Marketing Campaign 11.0.1: HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field. | 3.5 |
2020-07-16 | CVE-2020-4095 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform: BigFix Platform is storing clear text credentials within the system's memory. | 2.1 |
2020-07-07 | CVE-2019-4324 | Cross-site Scripting vulnerability in Hcltech Appscan 10.0.0/9.0.3.14: HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy. | 4.3 |
2020-07-07 | CVE-2019-4323 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Appscan 10.0.0/9.0.3.14: HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame. | 4.3 |
2020-07-01 | CVE-2017-1712 | Inadequate Encryption Strength vulnerability in Hcltech Domino: A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | 4.3 |
2020-06-26 | CVE-2020-4089 | Information Exposure vulnerability in Hcltech Notes 10.0/11.0/9.0: HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. | 4.3 |