Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2024-03-28 CVE-2023-45705 Server-Side Request Forgery (SSRF) vulnerability in Hcltech Bigfix Platform
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.
network
low complexity
hcltech CWE-918
7.2
2024-02-29 CVE-2023-37529 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information.
network
low complexity
hcltech CWE-79
5.4
2024-02-29 CVE-2023-37530 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information.
network
low complexity
hcltech CWE-79
5.4
2024-02-29 CVE-2023-37531 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access.
network
low complexity
hcltech CWE-79
4.8
2024-02-12 CVE-2023-28018 Unspecified vulnerability in Hcltech Connections 6.5/7.0/8.0
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests.
network
low complexity
hcltech
6.5
2024-02-10 CVE-2023-45698 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime Chat and Meetings
Sametime is impacted by lack of clickjacking protection in Outlook add-in.
network
low complexity
hcltech CWE-1021
6.1
2024-02-10 CVE-2023-45696 Unspecified vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client.
network
low complexity
hcltech
7.5
2024-02-09 CVE-2023-45716 Cleartext Transmission of Sensitive Information vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by sensitive information passed in URL.
low complexity
hcltech CWE-319
4.1
2024-02-09 CVE-2023-45718 Session Fixation vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by a failure to invalidate sessions.
network
low complexity
hcltech CWE-384
7.5
2024-02-09 CVE-2023-50349 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability.
network
low complexity
hcltech CWE-352
8.8