CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-28009 – HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
https://notcve.org/view.php?id=CVE-2023-28009
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104371 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-28008 – HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
https://notcve.org/view.php?id=CVE-2023-28008
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104371 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42447 – Cross-origin resource sharing vulnerability affects HCL Compass
https://notcve.org/view.php?id=CVE-2022-42447
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27788 – HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-27788
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38657 – An open redirect to malicious sites affects HCL Leap
https://notcve.org/view.php?id=CVE-2022-38657
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097201 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •