Hcltechsw

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37521 1Hcltechsw 1Bigfix Bare Osd Metal Server Webui Nov 21, 2024 Jan 16, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.
CVE-2023-45702 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
CVE-2023-45701 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 28, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45700 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2023-45703 1Hcltechsw 1Hcl Launch Nov 21, 2024 Dec 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2023-23348 1Hcltechsw 1Hcl Launch Nov 21, 2024 Jul 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2022-42452 1Hcltechsw 1Hcl Launch Feb 12, 2025 Apr 2, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
CVE-2022-44756 1Hcltechsw 1Bigfix Insights For Vulnerability Remediation Apr 16, 2025 Dec 21, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.
CVE-2022-42454 1Hcltechsw 1Bigfix Insights For Vulnerability Remediation Apr 16, 2025 Dec 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure.  This requires privileged network access.
CVE-2022-42445 1Hcltechsw 1Hcl Launch Apr 25, 2025 Dec 12, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
CVE-2022-38661 1Hcltechsw 1Hcl Workload Automation Nov 21, 2024 Dec 12, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash.
CVE-2022-38656 1Hcltechsw 1Hcl Commerce Nov 21, 2024 Dec 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.
CVE-2022-27551 1Hcltechsw 1Hcl Launch Nov 21, 2024 Aug 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
CVE-2021-27785 1Hcltechsw 1Hcl Commerce Nov 21, 2024 Jul 30, 2022 N/A· v4 5.0 MEDIUM· v3 N/A· v2 HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.
CVE-2022-27549 1Hcltechsw 1Hcl Launch Nov 21, 2024 Jul 6, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 HCL Launch may store certain data for recurring activities in a plain text format.
CVE-2022-27548 1Hcltechsw 1Hcl Launch Nov 21, 2024 Jul 6, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 HCL Launch stores user credentials in plain clear text which can be read by a local user.
CVE-2021-27751 1Hcltechsw 1Hcl Commerce Nov 21, 2024 May 6, 2022 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.
CVE-2021-27746 1Hcltechsw 1Connections Nov 21, 2024 Oct 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-27741 1Hcltechsw 1Hcl Commerce Nov 21, 2024 Aug 13, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
CVE-2020-14247 1Hcltechsw 1Onetest Performance Nov 21, 2024 Feb 4, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.

Previous 123 Next