Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-23 | CVE-2023-37532 | Path Traversal vulnerability in Hcltech Commerce 9.1.13.2/9.1.8: HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | 4.3 |
2023-10-19 | CVE-2023-37503 | Weak Password Requirements vulnerability in Hcltech HCL Compass: HCL Compass is vulnerable to insecure password requirements. | 9.8 |
2023-10-19 | CVE-2023-37504 | Insufficient Session Expiration vulnerability in Hcltech HCL Compass: HCL Compass is vulnerable to failure to invalidate sessions. | 6.5 |
2023-10-18 | CVE-2023-37502 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech HCL Compass: HCL Compass is vulnerable to lack of file upload security. | 8.8 |
2023-10-17 | CVE-2023-37537 | Unquoted Search Path or Element vulnerability in Hcltech Appscan Presence 2.1.37: An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | 7.8 |
2023-10-11 | CVE-2023-37538 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5: HCL Digital Experience is susceptible to cross site scripting (XSS). | 6.1 |
2023-10-11 | CVE-2022-44757 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2: BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. | 8.2 |
2023-10-11 | CVE-2022-44758 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2: BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. | 5.3 |
2023-10-11 | CVE-2023-37536 | Integer Overflow or Wraparound vulnerability in multiple products: An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |
2023-10-11 | CVE-2022-42451 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Patch Management 1054: Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | 4.4 |