Vulnerabilities > Hcltechsw
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2020-14247 | Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | 6.4 |
| 2021-02-04 | CVE-2020-14246 | Insufficiently Protected Credentials vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. | 5.0 |
| 2021-02-04 | CVE-2020-14245 | Improper Authentication vulnerability in Hcltechsw Onetest Performance HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | 7.5 |
| 2021-01-12 | CVE-2020-14275 | Unspecified vulnerability in Hcltechsw HCL Commerce Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | 7.5 |
| 2021-01-12 | CVE-2020-14274 | Information Exposure vulnerability in Hcltechsw HCL Commerce Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | 5.0 |
| 2020-12-22 | CVE-2020-14231 | Out-of-bounds Write vulnerability in Hcltechsw HCL Client Application Access 9.0 A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. | 6.5 |
| 2020-12-21 | CVE-2020-14225 | HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. | 4.3 |
| 2020-07-15 | CVE-2020-4100 | Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4 "HCL Verse for Android was found to employ dynamic code loading. | 2.1 |