Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2023-37530 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | 5.4 |
| 2024-02-29 | CVE-2023-37531 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | 4.8 |
| 2024-02-12 | CVE-2023-28018 | Unspecified vulnerability in Hcltech Connections 6.5/7.0/8.0 HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. | 6.5 |
| 2024-02-10 | CVE-2023-45698 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime Chat and Meetings Sametime is impacted by lack of clickjacking protection in Outlook add-in. | 6.1 |
| 2024-02-10 | CVE-2023-45696 | Unspecified vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. | 7.5 |
| 2024-02-09 | CVE-2023-45716 | Cleartext Transmission of Sensitive Information vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by sensitive information passed in URL. | 4.1 |
| 2024-02-09 | CVE-2023-45718 | Session Fixation vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by a failure to invalidate sessions. | 7.5 |
| 2024-02-09 | CVE-2023-50349 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. | 8.8 |
| 2024-02-03 | CVE-2023-37528 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | 6.1 |
| 2024-02-02 | CVE-2024-23553 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | 5.4 |