Filtered by vendor Hcltechsw
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 4.3 MEDIUM |
| HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2023-45700 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 4.3 MEDIUM |
| HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2023-37523 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2026-06-17 | N/A | 5.6 MEDIUM |
| Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. | |||||
| CVE-2023-37522 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2026-06-17 | N/A | 5.6 MEDIUM |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. | |||||
| CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2026-06-17 | N/A | 2.3 LOW |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | |||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 5.1 MEDIUM |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.? | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure.? This requires privileged network access. | |||||
| CVE-2022-42452 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 4.6 MEDIUM |
| HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. | |||||
| CVE-2022-42445 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 4.9 MEDIUM |
| HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | |||||
| CVE-2022-38661 | 1 Hcltechsw | 1 Hcl Workload Automation | 2026-06-17 | N/A | 6.2 MEDIUM |
| HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | |||||
| CVE-2022-38656 | 1 Hcltechsw | 1 Hcl Commerce | 2026-06-17 | N/A | 8.6 HIGH |
| HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | |||||
| CVE-2022-27551 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | |||||
| CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | 2.1 LOW | 4.0 MEDIUM |
| HCL Launch may store certain data for recurring activities in a plain text format. | |||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2026-06-17 | 2.1 LOW | 4.9 MEDIUM |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2026-06-17 | N/A | 3.9 LOW |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | |||||
| CVE-2021-27751 | 1 Hcltechsw | 1 Hcl Commerce | 2026-06-17 | 1.9 LOW | 4.4 MEDIUM |
| HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. | |||||
| CVE-2021-27746 | 1 Hcltechsw | 1 Connections | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" | |||||
| CVE-2021-27741 | 1 Hcltechsw | 1 Hcl Commerce | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | |||||
| CVE-2020-4100 | 1 Hcltechsw | 1 Hcl Verse | 2026-06-17 | 2.1 LOW | 4.4 MEDIUM |
| "HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly." | |||||