Vulnerabilities > Hcltech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-28006 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | 7.8 |
| 2023-04-26 | CVE-2023-28008 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-26 | CVE-2023-28009 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-02 | CVE-2022-42447 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). | 8.8 |
| 2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
| 2022-12-24 | CVE-2022-38658 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Server Automation BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. | 7.5 |
| 2022-12-19 | CVE-2022-38659 | Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | 7.8 |
| 2022-12-19 | CVE-2022-44750 | Out-of-bounds Write vulnerability in Hcltech Domino 9.0/9.0.1 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | 7.8 |
| 2022-12-19 | CVE-2022-44751 | Out-of-bounds Write vulnerability in Hcltech Notes 10.0.1/9.0.1 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | 7.8 |
| 2022-12-19 | CVE-2022-44752 | Out-of-bounds Write vulnerability in Hcltech Domino 9.0/9.0.1 HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. | 7.8 |