CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Oct 2024 — HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Oct 2024 — HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Oct 2024 — HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0116298 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Sep 2024 — HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115264 • CWE-613: Insufficient Session Expiration

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2024 — The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723 • CWE-295: Improper Certificate Validation

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2024 — HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114184 • CWE-525: Use of Web Browser Cache Containing Sensitive Information

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — HCL DRYiCE AEX product is impacted by a Missing Root Detection vulnerability in the mobile application. The mobile app can be installed on a rooted device, due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-1326: Missing Immutable Root of Trust in Hardware