Hcltech: Security Vulnerabilities
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-06-28
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-06-25
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVSS Score
3.5
EPSS Score
0.003
Published
2024-06-25
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
CVSS Score
8.4
EPSS Score
0.003
Published
2024-06-06
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).
CVSS Score
5.7
EPSS Score
0.003
Published
2024-05-18
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
CVSS Score
5.9
EPSS Score
0.004
Published
2024-05-18
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.
CVSS Score
6.7
EPSS Score
0.002
Published
2024-05-17
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.
CVSS Score
3.5
EPSS Score
0.003
Published
2024-04-18
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.
CVSS Score
3.5
EPSS Score
0.003
Published
2024-04-18
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.
CVSS Score
3.7
EPSS Score
0.006
Published
2024-04-10