Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-02 | CVE-2022-42447 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). | 8.8 |
| 2023-03-10 | CVE-2021-27788 | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-02-12 | CVE-2022-38657 | Open Redirect vulnerability in Hcltech HCL Leap An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | 5.4 |
| 2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
| 2022-12-24 | CVE-2022-38658 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Server Automation BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. | 7.5 |
| 2022-12-21 | CVE-2022-38655 | Unspecified vulnerability in Hcltech Bigfix Webui 20 BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | 5.8 |
| 2022-12-19 | CVE-2022-38653 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | 5.4 |
| 2022-12-19 | CVE-2022-38659 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | 7.8 |
| 2022-12-19 | CVE-2022-38662 | Open Redirect vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | 6.1 |
| 2022-12-19 | CVE-2022-42453 | Improper Authentication vulnerability in Hcltech Bigfix Platform There are insufficient warnings when a Fixlet is imported by a user. | 6.5 |