Hcltech: Security Vulnerabilities
Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem.
CVSS Score
4.1
EPSS Score
0.002
Published
2025-04-24
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
CVSS Score
2.5
EPSS Score
0.002
Published
2025-04-17
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system.
CVSS Score
2.6
EPSS Score
0.001
Published
2025-04-17
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access.
CVSS Score
2.1
EPSS Score
0.002
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-04-15
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVSS Score
5.6
EPSS Score
0.002
Published
2025-04-15
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS Score
3.5
EPSS Score
0.002
Published
2025-04-04
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-04-03
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-04-03
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).
CVSS Score
5.5
EPSS Score
0.002
Published
2025-03-26