CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 May 2024 — Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963 • CWE-522: Insufficiently Protected Credentials

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2024 — HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112489 • CWE-284: Improper Access Control

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Apr 2024 — The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2024 — HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108430

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Feb 2024 — Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Feb 2024 — Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-524: Use of Cache Containing Sensitive Information

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2024 — Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-613: Insufficient Session Expiration

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2024 — Sametime is impacted by sensitive information passed in URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information • CWE-598: Use of GET Request Method With Sensitive Query Strings

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2024 — Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

03 Feb 2024 — A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')