Vulnerabilities > Hcltech > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-01 CVE-2020-4126 Missing Encryption of Sensitive Data vulnerability in Hcltech HCL Inotes
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability.
network
high complexity
hcltech CWE-311
5.9
5.9
2020-11-30 CVE-2020-4127 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Domino 10.0.1/9.0.1
HCL Domino is susceptible to a Login CSRF vulnerability.
network
low complexity
hcltech CWE-352
6.5
6.5
2020-11-05 CVE-2020-4097 Classic Buffer Overflow vulnerability in Hcltech Notes
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow.
low complexity
hcltech CWE-120
6.8
6.8
2020-11-05 CVE-2020-14240 Cross-site Scripting vulnerability in Hcltech Notes
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability.
network
low complexity
hcltech CWE-79
6.1
6.1
2020-11-05 CVE-2020-14222 Cross-site Scripting vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS).
network
low complexity
hcltech CWE-79
6.1
6.1
2020-10-06 CVE-2019-4325 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Appscan 10.0.0/10.0.1/9.0.3.14
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
network
low complexity
hcltech CWE-327
5.3
5.3
2020-10-01 CVE-2020-14223 Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS).
network
low complexity
hcltech CWE-79
6.1
6.1
2020-07-17 CVE-2020-4104 Cross-site Scripting vulnerability in Hcltech Bigfix Webui
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module.
network
low complexity
hcltech CWE-79
5.4
5.4
2020-07-17 CVE-2019-4091 Cross-site Scripting vulnerability in Hcltech Marketing Campaign
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system.
network
low complexity
hcltech CWE-79
5.4
5.4
2020-07-17 CVE-2019-4090 Cross-site Scripting vulnerability in Hcltech Marketing Campaign 10.1.0/11.0.1/11.1.0
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
network
low complexity
hcltech CWE-79
5.4
5.4