CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14274
https://notcve.org/view.php?id=CVE-2020-14274
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. Una vulnerabilidad de divulgación de información en HCL Commerce versiones 9.0.1.9 hasta 9.0.1.14 y versiones 9.1 hasta 9.1.4, podría permitir a un atacante remoto obtener datos personales del usuario por medio de vectores desconocidos • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086183 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14275
https://notcve.org/view.php?id=CVE-2020-14275
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. Una vulnerabilidad de seguridad en HCL Commerce versiones 9.0.0.5 hasta 9.0.0.13, versiones 9.0.1.0 hasta 9.0.1.14 y versiones 9.1 hasta 9.1.4, podría permitir una denegación de servicio, divulgación de datos personales del usuario y llevar a cabo operaciones administrativas no autorizadas • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086271 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14231
https://notcve.org/view.php?id=CVE-2020-14231
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. Una vulnerabilidad en el manejo de parámetros de entrada de HCL Client Application Access versión v9, podría ser explotada por un atacante autenticado, resultando en un desbordamiento del búfer de la pila. Esto podría permitir al atacante bloquear el programa o inyectar código en el sistema que se ejecutaría con los privilegios del usuario actualmente conectado • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085882 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14225
https://notcve.org/view.php?id=CVE-2020-14225
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack. HCL iNotes es susceptible a una vulnerabilidad de tipo Tabnabbing causada por un saneamiento inapropiado del contenido del mensaje. Un atacante no autenticado remoto podría usar esta vulnerabilidad para engañar al usuario final para que ingrese información confidencial, tales como credenciales, por ejemplo, como parte de un ataque de phishing • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4100
https://notcve.org/view.php?id=CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly." Se encontró que HCL Verse para Android emplea la carga dinámica de código. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800 • CWE-913: Improper Control of Dynamically-Managed Code Resources •