Filtered by vendor Hcltech
Subscribe
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30122 | 1 Hcltech | 1 Sametime | 2026-06-17 | N/A | 5.8 MEDIUM |
| HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | |||||
| CVE-2024-30118 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | |||||
| CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 2.5 LOW |
| A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | |||||
| CVE-2024-30115 | 1 Hcltech | 1 Domino Leap | 2026-06-17 | N/A | 6.3 MEDIUM |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | |||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2026-06-17 | N/A | 3.7 LOW |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | |||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2026-06-17 | N/A | 6.3 MEDIUM |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | |||||
| CVE-2024-30112 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | |||||
| CVE-2024-30111 | 1 Hcltech | 1 Dryice Aex | 2026-06-17 | N/A | 3.3 LOW |
| HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities. | |||||
| CVE-2024-30110 | 1 Hcltech | 1 Dryice Aex | 2026-06-17 | N/A | 3.7 LOW |
| HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. | |||||
| CVE-2024-30109 | 1 Hcltech | 1 Dryice Aex | 2026-06-17 | N/A | 3.7 LOW |
| HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended. | |||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | |||||
| CVE-2024-30106 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. | |||||
| CVE-2024-23588 | 1 Hcltech | 1 Nomad Server On Domino | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | |||||
| CVE-2024-23586 | 1 Hcltech | 2 Domino, Hcl Nomad | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. | |||||
| CVE-2024-23583 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. | |||||
| CVE-2024-23563 | 1 Hcltech | 1 Connections Docs | 2026-06-17 | N/A | 3.9 LOW |
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||||
| CVE-2024-23562 | 1 Hcltech | 1 Domino | 2026-06-17 | N/A | 5.3 MEDIUM |
| A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | |||||
| CVE-2024-23557 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. | |||||
| CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 5.9 MEDIUM |
| SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | |||||
| CVE-2024-23554 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 5.7 MEDIUM |
| Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). | |||||