Vulnerabilities > Hcltechsw
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-21 | CVE-2021-27746 | Cross-site Scripting vulnerability in Hcltechsw Connections 6.0 "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" | 5.4 |
2021-08-13 | CVE-2021-27741 | XXE vulnerability in Hcltechsw HCL Commerce " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | 9.1 |
2021-02-04 | CVE-2020-14247 | Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | 6.5 |
2021-02-04 | CVE-2020-14246 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. | 7.5 |
2021-02-04 | CVE-2020-14245 | Missing Authentication for Critical Function vulnerability in Hcltechsw Onetest Performance HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | 9.8 |
2021-01-12 | CVE-2020-14275 | Unspecified vulnerability in Hcltechsw HCL Commerce Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | 9.8 |
2021-01-12 | CVE-2020-14274 | Unspecified vulnerability in Hcltechsw HCL Commerce Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | 7.5 |
2020-12-22 | CVE-2020-14231 | Out-of-bounds Write vulnerability in Hcltechsw HCL Client Application Access 9.0 A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. | 8.8 |
2020-12-21 | CVE-2020-14225 | HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. | 6.5 |
2020-07-15 | CVE-2020-4100 | Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4 "HCL Verse for Android was found to employ dynamic code loading. | 4.4 |