Vulnerabilities > Hcltech > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-45722 | Path Traversal vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. | 9.8 |
| 2024-01-03 | CVE-2023-45723 | Path Traversal vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. | 9.8 |
| 2024-01-03 | CVE-2023-45724 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. | 9.8 |
| 2024-01-03 | CVE-2023-50351 | Unspecified vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | 9.1 |
| 2023-10-19 | CVE-2023-37503 | Weak Password Requirements vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to insecure password requirements. | 9.8 |
| 2022-06-09 | CVE-2021-27786 | Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2 Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. | 9.8 |
| 2022-05-25 | CVE-2021-27779 | Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | 9.1 |
| 2022-05-06 | CVE-2021-27762 | Unspecified vulnerability in Hcltech Bigfix Platform Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | 9.8 |
| 2020-12-18 | CVE-2020-14224 | Out-of-bounds Write vulnerability in Hcltech Notes 9.0/9.0.1 A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. | 9.8 |
| 2020-12-14 | CVE-2020-14268 | Out-of-bounds Write vulnerability in Hcltech Notes A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. | 9.8 |