Vulnerabilities > Hcltechsw

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-27746 Cross-site Scripting vulnerability in Hcltechsw Connections 6.0
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
network
low complexity
hcltechsw CWE-79
5.4
2021-08-13 CVE-2021-27741 XXE vulnerability in Hcltechsw HCL Commerce
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
network
low complexity
hcltechsw CWE-611
critical
9.1
2021-02-04 CVE-2020-14247 Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
network
low complexity
hcltechsw CWE-613
6.5
2021-02-04 CVE-2020-14246 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak.
network
low complexity
hcltechsw CWE-327
7.5
2021-02-04 CVE-2020-14245 Missing Authentication for Critical Function vulnerability in Hcltechsw Onetest Performance
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
network
low complexity
hcltechsw CWE-306
critical
9.8
2021-01-12 CVE-2020-14275 Unspecified vulnerability in Hcltechsw HCL Commerce
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
network
low complexity
hcltechsw
critical
9.8
2021-01-12 CVE-2020-14274 Unspecified vulnerability in Hcltechsw HCL Commerce
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.
network
low complexity
hcltechsw
7.5
2020-12-22 CVE-2020-14231 Out-of-bounds Write vulnerability in Hcltechsw HCL Client Application Access 9.0
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.
network
low complexity
hcltechsw CWE-787
8.8
2020-12-21 CVE-2020-14225 HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content.
network
low complexity
hcltechsw hcltech
6.5
2020-07-15 CVE-2020-4100 Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4
"HCL Verse for Android was found to employ dynamic code loading.
local
low complexity
hcltechsw CWE-913
4.4