CVE-2022-38660 – HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38660
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-4099 – HCL Verse for Android is susceptible to an APK signing key check vulnerability
https://notcve.org/view.php?id=CVE-2020-4099
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861
• CWE-326: Inadequate Encryption Strength
CVE-2021-27784 – HCL Launch container images may contain non-unique https certificates and database encryption key
https://notcve.org/view.php?id=CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-27774 – An injection vulnerability affects HCL Digital Experience
https://notcve.org/view.php?id=CVE-2021-27774
User input is included in the error response, which could be used in a phishing attack.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100491
• CWE-20: Improper Input Validation
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-27561 – HCL Traveler is susceptible to a Reflected Cross-Site Scripting vulnerability in the web admin (LotusTraveler.nsf)
https://notcve.org/view.php?id=CVE-2022-27561
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100435
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')