Vulnerabilities > Hcltechsw
|2021-10-21||CVE-2021-27746|| Cross-site Scripting vulnerability in Hcltechsw Connections 6.0 |
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
| 3.5 |
|2021-08-13||CVE-2021-27741|| XXE vulnerability in Hcltechsw HCL Commerce |
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
| 6.4 |
|2021-02-04||CVE-2020-14247|| Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 |
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
| 6.4 |
|2021-02-04||CVE-2020-14246|| Insufficiently Protected Credentials vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 |
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak.
| 5.0 |
|2021-02-04||CVE-2020-14245|| Improper Authentication vulnerability in Hcltechsw Onetest Performance |
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
| 7.5 |
|2021-01-12||CVE-2020-14275|| Unspecified vulnerability in Hcltechsw HCL Commerce |
Security vulnerability in HCL Commerce 126.96.36.199 through 188.8.131.52, 184.108.40.206 through 220.127.116.11 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
| 7.5 |
|2021-01-12||CVE-2020-14274|| Information Exposure vulnerability in Hcltechsw HCL Commerce |
Information disclosure vulnerability in HCL Commerce 18.104.22.168 through 22.214.171.124 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.
| 5.0 |
|2020-12-22||CVE-2020-14231|| Out-of-bounds Write vulnerability in Hcltechsw HCL Client Application Access 9.0 |
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.
| 6.5 |
|2020-12-21||CVE-2020-14225||HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content.|| 4.3 |
|2020-07-15||CVE-2020-4100|| Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4 |
"HCL Verse for Android was found to employ dynamic code loading.
| 2.1 |