
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to the latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 1

"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080448
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system."
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080437
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080772
• CWE-312: Cleartext Storage of Sensitive Information
• CWE-522: Insufficiently Protected Credentials

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572&sys_kb_id=3668a078dbb9101855f38d6d13961955
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames