Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-23344 | Incorrect Default Permissions vulnerability in Hcltech Bigfix Webui Insights 14 A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | 6.5 |
| 2023-06-22 | CVE-2023-28006 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | 7.8 |
| 2023-06-22 | CVE-2023-28016 | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |
| 2023-06-22 | CVE-2023-23343 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | 6.1 |
| 2023-04-26 | CVE-2023-28008 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-26 | CVE-2023-28009 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-02 | CVE-2022-42447 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). | 8.8 |
| 2023-03-10 | CVE-2021-27788 | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-02-12 | CVE-2022-38657 | Open Redirect vulnerability in Hcltech HCL Leap An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | 5.4 |
| 2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |