"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description...
5.4CVSS
5.1AI Score
0.001EPSS
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of...
6CVSS
6.2AI Score
0.0004EPSS
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a...
4.3CVSS
4.5AI Score
0.001EPSS
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test...
6.1CVSS
6AI Score
0.001EPSS
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack...
5.9CVSS
5.5AI Score
0.002EPSS
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are...
6.5CVSS
6.3AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose....
5.3CVSS
4.8AI Score
0.001EPSS
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing...
6.1CVSS
6.2AI Score
0.001EPSS
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local...
6.5CVSS
6.1AI Score
0.001EPSS
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted...
7.5CVSS
7.5AI Score
0.002EPSS
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML...
8.2CVSS
8.3AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
5.4CVSS
5.3AI Score
0.001EPSS
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local...
5.5CVSS
5.2AI Score
0.0004EPSS
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...
5.4CVSS
5.6AI Score
0.001EPSS
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message...
8.4CVSS
8.5AI Score
0.001EPSS
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the...
9.8CVSS
9.3AI Score
0.002EPSS
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web...
4.8CVSS
5AI Score
0.001EPSS
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the...
5.4CVSS
5.2AI Score
0.001EPSS
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the...
7.1CVSS
6.7AI Score
0.001EPSS
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can.....
8.1CVSS
7.9AI Score
0.004EPSS