Hcltech Security Vulnerabilities (CVEs)

This vulnerability allows certain administrative users in HCL Domino Leap to import applications from the server's filesystem due to improper access c...

CVE-2022-27562 is an unsafe file upload vulnerability in HCL Domino Volt that allows attackers to upload .html files containing malicious JavaScript. ...

This vulnerability in HCL Leap allows attackers to inject malicious scripts into SVG files, which then execute in users' browsers when viewing affecte...

This CVE describes a cross-site scripting (XSS) vulnerability in HCL Leap that allows attackers to inject malicious scripts into both the authoring en...

This vulnerability in HCL Leap allows attackers to inject malicious scripts into web applications through the HTML widget. It affects organizations us...

This vulnerability in HCL Leap allows attackers to inject malicious scripts through query parameters due to insufficient URI protocol whitelisting. Th...

HCL BigFix Web Reports has improper SSL certificate validation, allowing man-in-the-middle attacks. Attackers could intercept and manipulate HTTPS com...

HCL BigFix Web Reports has a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages. When users vi...

HCL Traveler for Windows exposes internal file paths in error messages or debug logs, potentially revealing sensitive directory structures. This affec...

HCL SX fails to set the secure attribute on authorization tokens and session cookies, allowing attackers to potentially steal these cookies via Cross-...

HCL SX has a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorized actions o...

HCL iAutomate has a session fixation vulnerability where an attacker can hijack a user's authenticated session by fixing their session ID. This allows...

HCL MyXalytics has a session fixation vulnerability where attackers can set a victim's session token via crafted URLs. This allows unauthorized access...

HCL MyXalytics has an improper password policy vulnerability that allows attackers to guess or brute-force passwords when usernames are known. This af...

HCL MyXalytics has an out-of-band resource load vulnerability where attackers can host malicious web content and trick the application into fetching a...

This vulnerability in HCL MyXalytics allows attackers to access unauthorized data due to missing access control checks. It affects users of HCL MyXaly...

HCL Traveler for Microsoft Outlook (HTMO) contains a control flow vulnerability where the application fails to properly manage execution flow, potenti...

HCL BigFix Compliance generates error messages that may leak sensitive information about the system environment, users, or associated data. This vulne...

This CVE describes a false positive detection issue where HCL Traveler for Microsoft Outlook (HTMO.exe) is incorrectly flagged as malicious software b...

HCL Nomad server on Domino has an open proxy vulnerability allowing unauthenticated attackers to mask their source IP address. This enables attackers ...

HCL Nomad server on Domino fails to properly handle users with limited Domino access, potentially allowing denial of service attacks. This affects org...

The Domino Catalog template has a stored XSS vulnerability that allows attackers with document editing permissions to inject malicious scripts. When u...

This CVE describes a Cross-Site Request Forgery vulnerability affecting session tokens in HCL software. If exploited, attackers could trick authentica...

HCL DRYiCE MyXalytics has an Insecure Direct Object Reference (IDOR) vulnerability that allows authenticated users to access other users' information ...

CVE-2023-45722 is a path traversal vulnerability in HCL DRYiCE MyXalytics that allows attackers to read arbitrary files on the system by manipulating ...

HCL DRYiCE MyXalytics has an unauthenticated file upload vulnerability that allows attackers to upload malicious files without authentication. This af...

HCL DRYiCE MyXalytics uses a broken cryptographic algorithm for encryption, potentially allowing attackers to decrypt sensitive information. This affe...

An unauthenticated stored cross-site scripting (XSS) vulnerability in BigFix Server version 9.5.12.68 allows attackers to inject malicious scripts int...

CVE-2023-37519 is an unauthenticated stored cross-site scripting (XSS) vulnerability in the Download Status Report feature of BigFix Server. Attackers...

HCL Compass has weak password requirements that allow attackers to easily guess passwords and compromise user accounts. This affects all HCL Compass i...

HCL Compass fails to properly invalidate user sessions upon logout, allowing session hijacking. Attackers who obtain valid session identifiers can reu...

This vulnerability allows a local attacker to gain elevated privileges on Windows systems running HCL AppScan Presence service. Attackers can exploit ...

A persistent cross-site scripting (XSS) vulnerability in Unica Campaign allows attackers to inject malicious scripts into a specific field. When users...

This vulnerability allows authenticated attackers with specific permissions to perform XML External Entity (XXE) attacks against Unica applications by...

This CVE describes a persistent cross-site scripting (XSS) vulnerability in a specific field of the Unica Platform. An attacker can inject malicious s...

HCL Verse contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. When victims vi...

This vulnerability affects OSD Bare Metal Servers using weak cryptographic algorithms, potentially allowing attackers to decrypt sensitive data or byp...

HCL Workload Automation versions 9.4, 9.5, and 10.1 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive ...

This vulnerability allows attackers to redirect users to malicious websites by exploiting the Feedback action on the manager page. It affects HCL soft...

CVE-2021-27777 is an XML External Entity (XXE) injection vulnerability in HCL Domino that allows attackers to read arbitrary files from the server fil...

CVE-2021-27771 is a path traversal vulnerability in HCL Sametime chat application where attackers can modify user session IDs to upload arbitrary file...

CVE-2021-27764 is a security misconfiguration vulnerability in HCL Domino WebUI where cookies are set without HTTPOnly flags. This allows attackers to...

This vulnerability in BigFix Compliance allows attackers to decrypt TLS-encrypted network traffic when TLS-RSA cipher suites are enabled without TLS 2...

CVE-2020-14255 is a vulnerability in HCL Digital Experience 9.5 containers that allows unauthorized access to sensitive data through crafted requests....