Filtered by vendor Hcltech
Subscriptions
Total
211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42170 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 6.8 Medium |
| HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. | ||||
| CVE-2024-42169 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 7.1 High |
| HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data. | ||||
| CVE-2024-42168 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 8.9 High |
| HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. | ||||
| CVE-2024-42180 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 1.6 Low |
| HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | ||||
| CVE-2024-42181 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 1.6 Low |
| HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
| CVE-2024-42176 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 2.6 Low |
| HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information. | ||||
| CVE-2024-42177 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 2.6 Low |
| HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. | ||||
| CVE-2024-42178 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 2.5 Low |
| HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution. | ||||
| CVE-2023-50347 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-08 | 3.7 Low |
| HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. | ||||
| CVE-2023-37495 | 1 Hcltech | 1 Domino | 2025-05-08 | 5.9 Medium |
| Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html . | ||||
| CVE-2022-38654 | 1 Hcltech | 1 Domino | 2025-05-02 | 5.5 Medium |
| HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. | ||||
| CVE-2022-38660 | 1 Hcltech | 1 Domino | 2025-05-02 | 8.3 High |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | ||||
| CVE-2021-27784 | 1 Hcltech | 1 Hcl Launch Container Image | 2025-05-02 | 5.9 Medium |
| The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. | ||||
| CVE-2020-4099 | 1 Hcltech | 1 Verse | 2025-05-02 | 5.9 Medium |
| The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | ||||
| CVE-2022-42446 | 1 Hcltech | 1 Sametime | 2025-04-24 | 6.5 Medium |
| Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. | ||||
| CVE-2023-37519 | 1 Hcltech | 1 Bigfix Platform | 2025-04-23 | 7.7 High |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | ||||
| CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2025-04-18 | 6.1 Medium |
| In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | ||||
| CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2025-04-18 | 2 Low |
| In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | ||||
| CVE-2022-44754 | 1 Hcltech | 1 Domino | 2025-04-17 | 9.8 Critical |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. | ||||
| CVE-2022-44752 | 1 Hcltech | 1 Domino | 2025-04-17 | 9.8 Critical |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | ||||