Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2021-27784 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech HCL Launch Container Image 7.1.0.1 The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. | 7.5 |
| 2022-06-09 | CVE-2021-27786 | Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2 Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. | 6.8 |
| 2022-06-01 | CVE-2021-27778 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 3.5 |
| 2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.0 |
| 2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 3.5 |
| 2022-05-25 | CVE-2021-27779 | Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | 6.4 |
| 2022-05-25 | CVE-2021-27783 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 4.0 |
| 2022-05-19 | CVE-2020-4107 | Unspecified vulnerability in Hcltech Domino 10.0/11.0/9.0 HCL Domino is affected by an Insufficient Access Control vulnerability. | 4.6 |
| 2022-05-12 | CVE-2021-27768 | Improper Certificate Validation vulnerability in Hcltech Verse Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. | 4.3 |
| 2022-05-12 | CVE-2021-27769 | Unspecified vulnerability in Hcltech Sametime 11.6 Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. | 5.0 |