CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37521 – HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-37521
16 Jan 2024 — HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. HCL BigFix Bare OSD Metal Server WebUI versión 311.19 o inferior a veces puede incluir información confidencial en una cadena de consulta que podría permitir a un atacante ejecutar un ataque malicioso. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45702 – HCL Launch Agent as a Windows service is vulnerable to a Denial of Service
https://notcve.org/view.php?id=CVE-2023-45702
28 Dec 2023 — An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. Un agente de implementación HCL UrbanCode instalado como un servicio de Windows en una ubicación no estándar podría estar sujeto a un ataque de denegación de servicio por parte de cuentas locales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108646 •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45701 – HCL Launch is susceptible to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45701
28 Dec 2023 — HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. HCL Launch podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108645 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45700 – HCL Launch is susceptible to an HTML injection vulnerability
https://notcve.org/view.php?id=CVE-2023-45700
21 Dec 2023 — HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. HCL Launch es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45703 – HCL Launch is susceptible to a Denial of Service vulnerability
https://notcve.org/view.php?id=CVE-2023-45703
20 Dec 2023 — HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. HCL Launch puede manejar mal la validación de entrada de un archivo cargado, lo que lleva a una denegación de servicio debido al agotamiento de los recursos. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108649 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
10 Jul 2023 — HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
30 Mar 2023 — HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44756 – HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation
https://notcve.org/view.php?id=CVE-2022-44756
19 Dec 2022 — Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. Insights for Vulnerability Remediation (IVR) es vulnerable a una validación de entrada incorrecta. Esto puede dar lugar a la divulgación de información. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102168 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42454 – HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper certificate validation
https://notcve.org/view.php?id=CVE-2022-42454
19 Dec 2022 — Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. Insights for Vulnerability Remediation (IVR) es vulnerable a ataques man in the middle que pueden conducir a la divulgación de información. Esto requiere acceso privilegiado a la red. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102168 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42445 – HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
https://notcve.org/view.php?id=CVE-2022-42445
28 Nov 2022 — HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. HCL Launch podría permitir a un usuario con privilegios administrativos, incluidos permisos de "Administrar seguridad", la capacidad de recuperar una credencial previamente guardada para realizar búsquedas LDAP autenticadas. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208 •