Vulnerabilities > Hcltech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-11 | CVE-2022-44757 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Insights for vulnerability Remediation 2.0/2.0.2 BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. | 8.2 |
| 2023-10-11 | CVE-2023-37536 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 8.8 |
| 2023-08-10 | CVE-2023-23342 | Unspecified vulnerability in Hcltech HCL Nomad If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | 7.1 |
| 2023-08-09 | CVE-2023-23347 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Iautomate 6.0/6.1/6.2 HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. | 7.1 |
| 2023-08-09 | CVE-2023-23346 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Mycloud HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. | 7.1 |
| 2023-08-03 | CVE-2023-37497 | XXE vulnerability in Hcltech Unica The Unica application exposes an API which accepts arbitrary XML input. | 8.8 |
| 2023-08-03 | CVE-2023-37498 | Unspecified vulnerability in Hcltech Unica A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. | 8.8 |
| 2023-07-27 | CVE-2023-28012 | Command Injection vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a command injection attack. | 8.8 |
| 2023-07-18 | CVE-2023-28021 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Webui The BigFix WebUI uses weak cipher suites. | 7.5 |
| 2023-07-18 | CVE-2023-28019 | SQL Injection vulnerability in Hcltech Bigfix Webui Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | 8.8 |