Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-18 | CVE-2023-37502 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to lack of file upload security. | 8.8 |
| 2023-10-17 | CVE-2023-37537 | Unquoted Search Path or Element vulnerability in Hcltech Appscan Presence 2.1.37 An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | 7.8 |
| 2023-10-11 | CVE-2023-37538 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 HCL Digital Experience is susceptible to cross site scripting (XSS). | 6.1 |
| 2023-10-11 | CVE-2022-44757 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. | 8.2 |
| 2023-10-11 | CVE-2022-44758 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. | 5.3 |
| 2023-10-11 | CVE-2023-37536 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |
| 2023-10-11 | CVE-2022-42451 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Patch Management 1054 Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | 4.4 |
| 2023-09-08 | CVE-2023-28010 | Unspecified vulnerability in Hcltech Domino 12.0.2 In some configuration scenarios, the Domino server host name can be exposed. | 5.3 |
| 2023-08-11 | CVE-2023-37511 | Unspecified vulnerability in Hcltech Traveler to DO If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | 4.3 |
| 2023-08-11 | CVE-2023-37512 | Unspecified vulnerability in Hcltech Traveler Companion When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | 5.5 |