Filtered by vendor Hcltech
Subscribe
Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27771 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.5 MEDIUM | 7.6 HIGH |
| User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. | |||||
| CVE-2021-27770 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place. | |||||
| CVE-2021-27773 | 1 Hcltech | 1 Sametime | 2022-05-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | |||||
| CVE-2021-27768 | 1 Hcltech | 1 Verse | 2022-05-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login. | |||||
| CVE-2021-27764 | 1 Hcltech | 1 Bigfix Webui | 2022-05-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) | |||||
| CVE-2021-27762 | 1 Hcltech | 1 Bigfix Platform | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | |||||
| CVE-2021-27761 | 1 Hcltech | 1 Bigfix Platform | 2022-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | |||||
| CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2022-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | |||||
| CVE-2021-27758 | 1 Hcltech | 1 Bigfix Inventory | 2022-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | |||||
| CVE-2021-27767 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2021-27766 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2021-27765 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2021-27756 | 1 Hcltech | 1 Bigfix Compliance | 2022-03-11 | 4.3 MEDIUM | 7.5 HIGH |
| "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it." | |||||
| CVE-2021-27757 | 1 Hcltech | 1 Bigfix Insights | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | |||||
| CVE-2021-27755 | 1 Hcltech | 1 Hcl Sametime | 2022-03-01 | 2.1 LOW | 5.5 MEDIUM |
| "Sametime Android potential path traversal vulnerability when using File class" | |||||
| CVE-2021-27753 | 1 Hcltech | 1 Hcl Sametime | 2022-03-01 | 2.1 LOW | 5.5 MEDIUM |
| "Sametime Android PathTraversal Vulnerability" | |||||
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | |||||
| CVE-2020-14264 | 1 Hcltech | 1 Traveler Companion | 2021-10-28 | 2.1 LOW | 3.9 LOW |
| "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | |||||
| CVE-2020-4089 | 1 Hcltech | 1 Notes | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected. | |||||
| CVE-2020-4128 | 1 Hcltech | 1 Domino | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. | |||||