Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2017-1712 | Inadequate Encryption Strength vulnerability in Hcltech Domino 9.0 "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | 5.9 |
| 2020-06-26 | CVE-2020-4089 | Unspecified vulnerability in Hcltech Notes 10.0/11.0/9.0 HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. | 6.5 |
| 2020-06-11 | CVE-2020-4101 | Server-Side Request Forgery (SSRF) vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 "HCL Digital Experience is susceptible to Server Side Request Forgery." | 9.8 |
| 2020-05-06 | CVE-2020-4092 | Cleartext Transmission of Sensitive Information vulnerability in Hcltech HCL Nomad "If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. | 5.3 |
| 2020-05-01 | CVE-2019-4209 | Open Redirect vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | 6.1 |
| 2020-04-22 | CVE-2020-4085 | Information Exposure Through an Error Message vulnerability in Hcltech Connections 5.5/6.0/6.5 "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | 6.5 |
| 2020-04-21 | CVE-2019-4327 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.14 "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | 7.5 |
| 2020-04-07 | CVE-2019-4393 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to excessive authorization attempts | 9.8 |
| 2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | 8.2 |
| 2020-03-09 | CVE-2020-4084 | Cross-site Scripting vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. | 5.4 |