Vulnerabilities > Hcltechsw > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-03 | CVE-2022-27551 | Incorrect Authorization vulnerability in Hcltechsw HCL Launch HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 6.5 |
| 2022-07-30 | CVE-2021-27785 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Commerce HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. | 5.0 |
| 2022-07-06 | CVE-2022-27548 | Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2022-07-06 | CVE-2022-27549 | Cleartext Storage of Sensitive Information vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1 HCL Launch may store certain data for recurring activities in a plain text format. | 5.5 |
| 2021-10-21 | CVE-2021-27746 | Cross-site Scripting vulnerability in Hcltechsw Connections 6.0 "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" | 5.4 |
| 2021-02-04 | CVE-2020-14247 | Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | 6.5 |
| 2020-12-21 | CVE-2020-14225 | HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. | 6.5 |
| 2020-07-15 | CVE-2020-4100 | Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4 "HCL Verse for Android was found to employ dynamic code loading. | 4.4 |