Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

168432 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-50346 HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. -- Jan 3, 2024 n/a
CVE-2023-50348 HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. -- Jan 3, 2024 n/a
CVE-2023-50343 HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. -- Jan 3, 2024 n/a
CVE-2023-23346 HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. -- Aug 9, 2023 n/a
CVE-2023-23347 HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. -- Aug 10, 2023 n/a
CVE-2020-14270 HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. MEDIUM Dec 23, 2020 n/a
CVE-2022-38654 HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. -- Nov 5, 2022 n/a
CVE-2022-44752 HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.  This vulnerability applies to software previously licensed by IBM. -- Dec 22, 2022 n/a
CVE-2022-44750 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.  This vulnerability applies to software previously licensed by IBM. -- Dec 22, 2022 n/a
CVE-2022-44754 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM. -- Dec 22, 2022 n/a
CVE-2020-4127 HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. MEDIUM Dec 4, 2020 n/a
CVE-2020-4129 HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. MEDIUM Dec 2, 2020 n/a
CVE-2020-4128 HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. MEDIUM Dec 4, 2020 n/a
CVE-2020-14234 HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. MEDIUM Nov 21, 2020 n/a
CVE-2020-14230 HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. MEDIUM Nov 21, 2020 n/a
CVE-2020-14273 HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server. MEDIUM Dec 30, 2020 n/a
CVE-2020-14260 HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. HIGH Dec 4, 2020 n/a
CVE-2020-4107 HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. MEDIUM May 20, 2022 n/a
CVE-2020-4101 HCL Digital Experience is susceptible to Server Side Request Forgery. HIGH Jun 11, 2020 n/a
CVE-2023-37538 HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). -- Oct 11, 2023 n/a
CVE-2020-14255 HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. MEDIUM Feb 2, 2021 n/a
CVE-2020-14221 HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. MEDIUM Feb 2, 2021 n/a
CVE-2020-14223 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. MEDIUM Oct 8, 2020 n/a
CVE-2020-14222 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). MEDIUM Nov 5, 2020 n/a
CVE-2024-23559 HCL DevOps Deploy / Launch is generating an obsolete HTTP header. -- Apr 15, 2024 n/a
CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. -- Apr 16, 2024 n/a
CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. -- Apr 16, 2024 n/a
CVE-2024-23560 HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. -- Apr 16, 2024 n/a
CVE-2024-23550 HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. -- Feb 5, 2024 n/a
CVE-2019-4209 HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. MEDIUM May 5, 2020 n/a
CVE-2020-4084 HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. LOW Mar 10, 2020 n/a
CVE-2021-27746 HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability LOW Oct 22, 2021 n/a
CVE-2023-37533 HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and compromise a user's account then launch other attacks. -- Nov 9, 2023 n/a
CVE-2020-4085 HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user. MEDIUM Apr 22, 2020 n/a
CVE-2023-28022 HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. -- Dec 18, 2023 n/a
CVE-2023-28018 HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. -- Feb 13, 2024 n/a
CVE-2023-28017 HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account then launch other attacks. -- Dec 7, 2023 n/a
CVE-2024-23557 HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. -- Apr 18, 2024 n/a
CVE-2024-30107 HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. -- Apr 18, 2024 n/a
CVE-2020-4083 HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. LOW Mar 6, 2020 n/a
CVE-2023-37502 HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. -- Oct 19, 2023 n/a
CVE-2023-37503 HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. -- Oct 19, 2023 n/a
CVE-2023-37504 HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user. -- Oct 19, 2023 n/a
CVE-2022-42447 HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. -- Apr 2, 2023 n/a
CVE-2021-27785 HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. -- Jul 30, 2022 n/a
CVE-2022-38656 HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. -- Dec 14, 2022 n/a
CVE-2023-37532 HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. -- Oct 23, 2023 n/a
CVE-2021-27751 HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. LOW May 6, 2022 n/a
CVE-2019-4090 HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field. LOW Jul 17, 2020 n/a
CVE-2020-4104 HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a. LOW Jul 17, 2020 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS: customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.