
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — The HCL DRYiCE AEX product is impacted by a lack of input validation in a particular web application. A malicious script can be injected into the system, which can cause it to behave in unexpected ways. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2024 — HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114156

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2024 — HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496 • CWE-563: Assignment to Variable without Use

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2024 — HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496 • CWE-326: Inadequate Encryption Strength • CWE-522: Insufficiently Protected Credentials

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Jun 2024 — HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2024 — HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496 • CWE-326: Inadequate Encryption Strength

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2024 — HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496 • CWE-326: Inadequate Encryption Strength

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2024 — A security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and unauthorized administrative operations. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112907 • CWE-285: Improper Authorization

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2024 — HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112488 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor