CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30154 – HCL SX is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30154
03 Mar 2025 — HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119437 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30150 – An unauthenticated privilege escalation vulnerability affects HCL MyCloud
https://notcve.org/view.php?id=CVE-2024-30150
25 Feb 2025 — HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from unauthenticated users. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368 • CWE-269: Improper Privilege Management •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23563 – HCL Connections Docs is vulnerable to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23563
12 Feb 2025 — HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42207 – HCL iAutomate is affected by a session fixation vulnerability
https://notcve.org/view.php?id=CVE-2024-42207
05 Feb 2025 — HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118946 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42187 – HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-42187
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42186 – HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support
https://notcve.org/view.php?id=CVE-2024-42186
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-295: Improper Certificate Validation •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42185 – HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks
https://notcve.org/view.php?id=CVE-2024-42185
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42184 – HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
https://notcve.org/view.php?id=CVE-2024-42184
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42183 – HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability
https://notcve.org/view.php?id=CVE-2024-42183
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-494: Download of Code Without Integrity Check •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42182 – HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-42182
23 Jan 2025 — BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118565 • CWE-918: Server-Side Request Forgery (SSRF) •