Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-37533 | Cross-site Scripting vulnerability in Hcltech Connections 8.0 HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. | 6.1 |
| 2023-10-23 | CVE-2023-37532 | Path Traversal vulnerability in Hcltech Commerce 9.1.13.2/9.1.8 HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | 4.3 |
| 2023-10-19 | CVE-2023-37503 | Weak Password Requirements vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to insecure password requirements. | 9.8 |
| 2023-10-19 | CVE-2023-37504 | Insufficient Session Expiration vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to failure to invalidate sessions. | 6.5 |
| 2023-10-18 | CVE-2023-37502 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to lack of file upload security. | 8.8 |
| 2023-10-17 | CVE-2023-37537 | Unquoted Search Path or Element vulnerability in Hcltech Appscan Presence 2.1.37 An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | 7.8 |
| 2023-10-11 | CVE-2023-37538 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 HCL Digital Experience is susceptible to cross site scripting (XSS). | 6.1 |
| 2023-10-11 | CVE-2022-44757 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. | 8.2 |
| 2023-10-11 | CVE-2022-44758 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. | 5.3 |
| 2023-10-11 | CVE-2023-37536 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |