
CVE-2024-42168 – HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability
https://notcve.org/view.php?id=CVE-2024-42168
11 Jan 2025 — HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2024-30129 – HCL Nomad server on Domino is affected by a host header injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30129
06 Dec 2024 — The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117533 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2024-42188 – HCL Connections is vulnerable to a broken access control vulnerability
https://notcve.org/view.php?id=CVE-2024-42188
14 Nov 2024 — HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117387 • CWE-276: Incorrect Default Permissions •

CVE-2024-30133 – HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability
https://notcve.org/view.php?id=CVE-2024-30133
12 Nov 2024 — HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114725 • CWE-670: Always-Incorrect Control Flow Implementation •

CVE-2024-30142 – HCL BigFix Compliance is affected by a missing secure flag on a cookie
https://notcve.org/view.php?id=CVE-2024-30142
07 Nov 2024 — HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVE-2024-30141 – HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information
https://notcve.org/view.php?id=CVE-2024-30141
07 Nov 2024 — HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-30140 – HCL BigFix Compliance is affected by unvalidated redirects and forwards
https://notcve.org/view.php?id=CVE-2024-30140
07 Nov 2024 — HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2024-30149 – HCL AppScan Source is affected by an expired TLS/SSL certificate
https://notcve.org/view.php?id=CVE-2024-30149
31 Oct 2024 — HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116990 • CWE-295: Improper Certificate Validation •

CVE-2024-30106 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30106
28 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-50355 – HCL Sametime is impacted by generation of error messages containing sensitive information
https://notcve.org/view.php?id=CVE-2023-50355
23 Oct 2024 — HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-209: Generation of Error Message Containing Sensitive Information •