CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30110 – Lack of input validation vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30110
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30109 – Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30109
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. HCL Connections Docs es vulnerable a un ataque de Cross-Site Scripting donde un atacante puede aprovechar este problema para ejecutar código arbitrario. Esto puede provocar la divulgación de credenciales y posiblemente lanzar ataques adicionales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23584 – HCL BigFix Asset Discovery is affected by a security vulnerability
https://notcve.org/view.php?id=CVE-2024-23584
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. El servicio NMAP Importer puede exponer las credenciales del almacén de datos a usuarios autorizados del Registro de Windows. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112264 •