Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-05 | CVE-2020-4083 | Information Exposure Through Log Files vulnerability in Hcltech Connections 6.5 HCL Connections 6.5 is vulnerable to possible information leakage. | 5.5 |
2020-03-05 | CVE-2020-4082 | Cross-site Scripting vulnerability in Hcltech Connections 5.5 The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
2020-02-28 | CVE-2019-4301 | Unspecified vulnerability in Hcltech Self-Service Application 3.0.0 BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | 8.4 |
2020-02-14 | CVE-2019-4392 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.13 HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | 9.8 |
2019-12-18 | CVE-2019-4388 | Cross-site Scripting vulnerability in Hcltech Appscan Source HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | 4.8 |
2019-10-18 | CVE-2019-4409 | Cross-site Scripting vulnerability in Hcltech Traveler HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. | 5.4 |
2019-09-25 | CVE-2019-16188 | XXE vulnerability in Hcltech Appscan Source HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. | 7.1 |
2018-05-30 | CVE-2018-11518 | Improper Input Validation vulnerability in Hcltech Legacy IVR Firmware A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. | 8.1 |