Vulnerabilities > Hcltech > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-06-22 | CVE-2023-28016 | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 | Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |
2023-06-22 | CVE-2023-23343 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 | A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | 6.1 |
2023-03-10 | CVE-2021-27788 | Cross-site Scripting vulnerability in Hcltech Verse | HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. | 6.1 |
2023-02-12 | CVE-2022-38657 | Open Redirect vulnerability in Hcltech HCL Leap | An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | 5.4 |
2022-12-21 | CVE-2022-38655 | Unspecified vulnerability in Hcltech Bigfix Webui 20 | BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | 5.8 |
2022-12-19 | CVE-2022-38653 | Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5 | In HCL Digital Experience, a customized XSS payload can be constructed such that it is served in the application unencoded. | 5.4 |
2022-12-19 | CVE-2022-38662 | Open Redirect vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 | In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | 6.1 |
2022-12-19 | CVE-2022-42453 | Improper Authentication vulnerability in Hcltech Bigfix Platform | There are insufficient warnings when a Fixlet is imported by a user. | 6.5 |
2022-12-12 | CVE-2022-42446 | Incorrect Default Permissions vulnerability in Hcltech Sametime 12.0 | Starting with Sametime 12, anonymous users are enabled by default. | 6.5 |
2022-11-04 | CVE-2022-38654 | Unspecified vulnerability in Hcltech Domino | HCL Domino is susceptible to an information disclosure vulnerability. | 5.5 |