Vulnerabilities > Hcltechsw > Onetest Performance > 10.1.0

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2020-14247 Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
network
low complexity
hcltechsw CWE-613
6.4
6.4
2021-02-04 CVE-2020-14246 Insufficiently Protected Credentials vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak.
network
low complexity
hcltechsw CWE-522
5.0
5.0
2021-02-04 CVE-2020-14245 Improper Authentication vulnerability in Hcltechsw Onetest Performance
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
network
low complexity
hcltechsw CWE-287
7.5
7.5