Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-01 | CVE-2019-4209 | Open Redirect vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | 6.1 |
| 2020-04-22 | CVE-2020-4085 | Information Exposure Through an Error Message vulnerability in Hcltech Connections 5.5/6.0/6.5 "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | 6.5 |
| 2020-04-21 | CVE-2019-4327 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.14 "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | 7.5 |
| 2020-04-07 | CVE-2019-4393 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to excessive authorization attempts | 9.8 |
| 2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | 8.2 |
| 2020-03-09 | CVE-2020-4084 | Cross-site Scripting vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. | 5.4 |
| 2020-03-05 | CVE-2020-4083 | Information Exposure Through Log Files vulnerability in Hcltech Connections 6.5 HCL Connections 6.5 is vulnerable to possible information leakage. | 5.5 |
| 2020-03-05 | CVE-2020-4082 | Cross-site Scripting vulnerability in Hcltech Connections 5.5 The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2020-02-28 | CVE-2019-4301 | Unspecified vulnerability in Hcltech Self-Service Application 3.0.0 BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | 8.4 |
| 2020-02-14 | CVE-2019-4392 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.13 HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | 9.8 |