
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108018 • CWE-428: Unquoted Search Path or Element

CVSS: 9.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

HCL Digital Experience is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bounds access via an HTTP request. An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability. • https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 https://access.redhat.com/security • CWE-190: Integer Overflow or Wraparound • CWE-680: Integer Overflow to Buffer Overflow

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005 • CWE-522: Insufficiently Protected Credentials

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108007 • CWE-522: Insufficiently Protected Credentials