Vulnerabilities > Hcltechsw > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2022-27549 | Cleartext Storage of Sensitive Information vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch may store certain data for recurring activities in a plain text format. | 5.5 |
| 2021-08-13 | CVE-2021-27741 | XXE vulnerability in Hcltechsw HCL Commerce " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | 6.4 |
| 2021-02-04 | CVE-2020-14247 | Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | 6.4 |
| 2021-02-04 | CVE-2020-14246 | Insufficiently Protected Credentials vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. | 5.0 |
| 2021-01-12 | CVE-2020-14274 | Information Exposure vulnerability in Hcltechsw HCL Commerce Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | 5.0 |
| 2020-12-22 | CVE-2020-14231 | Out-of-bounds Write vulnerability in Hcltechsw HCL Client Application Access 9.0 A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. | 6.5 |
| 2020-12-21 | CVE-2020-14225 | HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. | 4.3 |