Vulnerabilities > Hcltech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
| 2022-07-19 | CVE-2022-27545 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | 5.4 |
| 2022-06-01 | CVE-2021-27778 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 4.8 |
| 2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.3 |
| 2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 4.8 |
| 2022-05-25 | CVE-2021-27783 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 6.5 |
| 2022-05-12 | CVE-2021-27768 | Improper Certificate Validation vulnerability in Hcltech Verse Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. | 5.9 |
| 2022-05-12 | CVE-2021-27769 | Unspecified vulnerability in Hcltech Sametime 11.6 Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. | 5.3 |
| 2022-05-12 | CVE-2021-27772 | Unspecified vulnerability in Hcltech Sametime 11.6 Users are able to read group conversations without actively taking part in them. | 6.5 |
| 2022-05-12 | CVE-2021-27773 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime 11.6 This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | 4.3 |