Medium
CVSS: 5.3
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing, or by retrieving them via predictable URLs or misconfigured permissions, leading to infor…
Medium
CVSS: 5.4
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authentic…
Medium
CVSS: 6.5
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts.
Low
CVSS: 3.2
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Low
CVSS: 3.2
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Medium
CVSS: 4.6
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Medium
CVSS: 4.6
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
Medium
CVSS: 6.5
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
Low
CVSS: 3.7
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
Medium
CVSS: 6.3
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
Medium
CVSS: 5.3
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
High
CVSS: 7.1
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
Medium
CVSS: 4.1
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
Low
CVSS: 2.5
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distributio…
Low
CVSS: 2.6
HCL MyXalytics is affected by SSL/TLS protocol weaknesses (the BREACH and LUCKY13 vulnerabilities). Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code…
Low
CVSS: 2.1
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this…
Medium
CVSS: 4.8
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
Medium
CVSS: 5.6
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
Low
CVSS: 3.5
HCL Connections is affected by an information disclosure vulnerability, caused by improper handling of request data, which could allow a user to obtain sensitive information they are not entitled to.
Medium
CVSS: 4.3
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this informati…