CVE-2021-27746
https://notcve.org/view.php?id=CVE-2021-27746
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0094194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27741
https://notcve.org/view.php?id=CVE-2021-27741
"Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089834 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2020-14246
https://notcve.org/view.php?id=CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication, which is relatively weak. An attacker could potentially decode the encoded credentials. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086470 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-14247
https://notcve.org/view.php?id=CVE-2020-14247
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086469 • CWE-613: Insufficient Session Expiration
CVE-2020-14245
https://notcve.org/view.php?id=CVE-2020-14245
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086622 • CWE-306: Missing Authentication for Critical Function