Vulnerabilities > Hcltech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-26 | CVE-2020-4089 | Unspecified vulnerability in Hcltech Notes 10.0/11.0/9.0 HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. | 6.5 |
| 2020-05-06 | CVE-2020-4092 | Cleartext Transmission of Sensitive Information vulnerability in Hcltech HCL Nomad "If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. | 5.3 |
| 2020-05-01 | CVE-2019-4209 | Open Redirect vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | 6.1 |
| 2020-04-22 | CVE-2020-4085 | Information Exposure Through an Error Message vulnerability in Hcltech Connections 5.5/6.0/6.5 "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | 6.5 |
| 2020-03-09 | CVE-2020-4084 | Cross-site Scripting vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. | 5.4 |
| 2020-03-05 | CVE-2020-4083 | Information Exposure Through Log Files vulnerability in Hcltech Connections 6.5 HCL Connections 6.5 is vulnerable to possible information leakage. | 5.5 |
| 2020-03-05 | CVE-2020-4082 | Cross-site Scripting vulnerability in Hcltech Connections 5.5 The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2019-12-18 | CVE-2019-4388 | Cross-site Scripting vulnerability in Hcltech Appscan Source HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | 4.8 |
| 2019-10-18 | CVE-2019-4409 | Cross-site Scripting vulnerability in Hcltech Traveler HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. | 5.4 |