Vulnerabilities > Hcltechsw
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-21 | CVE-2022-42454 | Unspecified vulnerability in Hcltechsw Bigfix Insights for vulnerability Remediation Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure.? This requires privileged network access. | 5.3 |
| 2022-12-21 | CVE-2022-44756 | Improper Input Validation vulnerability in Hcltechsw Bigfix Insights for vulnerability Remediation Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. | 6.5 |
| 2022-12-12 | CVE-2022-38656 | Unspecified vulnerability in Hcltechsw HCL Commerce 9.1.8/9.1.9 HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | 9.8 |
| 2022-12-12 | CVE-2022-38661 | Unspecified vulnerability in Hcltechsw HCL Workload Automation HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | 7.1 |
| 2022-12-12 | CVE-2022-42445 | Unspecified vulnerability in Hcltechsw HCL Launch HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | 4.9 |
| 2022-07-06 | CVE-2022-27548 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch stores user credentials in plain clear text which can be read by a local user. | 2.1 |
| 2022-07-06 | CVE-2022-27549 | Cleartext Storage of Sensitive Information vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch may store certain data for recurring activities in a plain text format. | 5.5 |
| 2022-05-06 | CVE-2021-27751 | Insufficient Session Expiration vulnerability in Hcltechsw HCL Commerce HCL Commerce is affected by an Insufficient Session Expiration vulnerability. | 1.9 |
| 2021-10-21 | CVE-2021-27746 | Cross-site Scripting vulnerability in Hcltechsw Connections 6.0 "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" | 3.5 |
| 2021-08-13 | CVE-2021-27741 | XXE vulnerability in Hcltechsw HCL Commerce " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | 6.4 |