CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30132 – Missing default HTTP security headers affect HCL Nomad server on Domino
https://notcve.org/view.php?id=CVE-2024-30132
01 Oct 2024 — HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0116298 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23586 – An insufficient session timeout vulnerability affects HCL Nomad server on Domino
https://notcve.org/view.php?id=CVE-2024-23586
27 Sep 2024 — HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115264 • CWE-613: Insufficient Session Expiration •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30134 – HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability
https://notcve.org/view.php?id=CVE-2024-30134
26 Sep 2024 — The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723 • CWE-295: Improper Certificate Validation •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30128 – An open proxy vulnerability affects HCL Nomad server on Domino
https://notcve.org/view.php?id=CVE-2024-30128
25 Sep 2024 — HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30130 – HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability
https://notcve.org/view.php?id=CVE-2024-30130
19 Jul 2024 — HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information. El servidor HCL Nomad en Domino es vulnerable al caché que contiene información confidencial, lo que potencialmente podría brindarle a un atacante la capacidad de adquirir información confidencial. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114184 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30135 – Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30135
28 Jun 2024 — HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30111 – Missing Root Detection vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30111
28 Jun 2024 — HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities. HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious user... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-1326: Missing Immutable Root of Trust in Hardware •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30110 – Lack of input validation vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30110
28 Jun 2024 — HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30109 – Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
https://notcve.org/view.php?id=CVE-2024-30109
28 Jun 2024 — HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37541 – HCL Connections is vulnerable to broken access control
https://notcve.org/view.php?id=CVE-2023-37541
25 Jun 2024 — HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114156 •