
CVE-2022-38656 – HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability
https://notcve.org/view.php?id=CVE-2022-38656
04 Nov 2022 — HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101265

CVE-2022-38661 – HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager
https://notcve.org/view.php?id=CVE-2022-38661
04 Nov 2022 — HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100939

CVE-2022-27551 – HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
https://notcve.org/view.php?id=CVE-2022-27551
03 Aug 2022 — HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099732 • CWE-863: Incorrect Authorization

CVE-2021-27785 – HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785)
https://notcve.org/view.php?id=CVE-2021-27785
29 Jul 2022 — HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099765 • CWE-522: Insufficiently Protected Credentials

CVE-2022-27549 – HCL Launch could disclose sensitive database information to a local user in plain text.
https://notcve.org/view.php?id=CVE-2022-27549
06 Jul 2022 — HCL Launch may store certain data for recurring activities in a plain text format. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254 • CWE-312: Cleartext Storage of Sensitive Information • CWE-532: Insertion of Sensitive Information into Log File

CVE-2022-27548 – HCL Launch is vulnerable to information disclosure which can be read by a local user.
https://notcve.org/view.php?id=CVE-2022-27548
06 Jul 2022 — HCL Launch stores user credentials in plain clear text which can be read by a local user. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253 • CWE-256: Plaintext Storage of a Password • CWE-522: Insufficiently Protected Credentials

CVE-2021-27751 – HCL Commerce is affected by an Insufficient Session Expiration vulnerability.
https://notcve.org/view.php?id=CVE-2021-27751
06 May 2022 — HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650 • CWE-613: Insufficient Session Expiration

CVE-2021-27746
https://notcve.org/view.php?id=CVE-2021-27746
21 Oct 2021 — "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0094194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-27741
https://notcve.org/view.php?id=CVE-2021-27741
13 Aug 2021 — "Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089834 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-14246
https://notcve.org/view.php?id=CVE-2020-14246
04 Feb 2021 — HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086470 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm