Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-30 | CVE-2020-4127 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Domino 10.0.1/9.0.1 HCL Domino is susceptible to a Login CSRF vulnerability. | 6.5 |
| 2020-11-21 | CVE-2020-14258 | Improper Input Validation vulnerability in Hcltech Notes 10.0/11.0/9.0 HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. | 7.5 |
| 2020-11-21 | CVE-2020-14234 | Improper Input Validation vulnerability in Hcltech Domino 10.0.0/9.0/9.0.1 HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. | 7.5 |
| 2020-11-21 | CVE-2020-14230 | Improper Input Validation vulnerability in Hcltech Domino HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. | 7.5 |
| 2020-11-05 | CVE-2020-4097 | Classic Buffer Overflow vulnerability in Hcltech Notes In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. | 6.8 |
| 2020-11-05 | CVE-2020-14240 | Cross-site Scripting vulnerability in Hcltech Notes HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. | 6.1 |
| 2020-11-05 | CVE-2020-14222 | Cross-site Scripting vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). | 6.1 |
| 2020-10-06 | CVE-2019-4326 | Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | 7.5 |
| 2020-10-06 | CVE-2019-4325 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Appscan 10.0.0/10.0.1/9.0.3.14 "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | 5.3 |
| 2020-10-01 | CVE-2020-14223 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). | 6.1 |