
CVSS: 2.5 • EPSS: % • CPEs: 1 • EXPL: 0

17 Apr 2025 — HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120502 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 2.6 • EPSS: % • CPEs: 1 • EXPL: 0

17 Apr 2025 — HCL MyXalytics is affected by the BREACH and LUCKY13 SSL/TLS protocol vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120504 • CWE-326: Inadequate Encryption Strength

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Apr 2025 — HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths in error messages, debug logs, or responses to user requests. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120335 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Apr 2025 — HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120336 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Mar 2025 — HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site Request Forgery (CSRF). • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120110 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Mar 2025 — HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120000 • CWE-295: Improper Certificate Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2025 — HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or take over the application or the computer where the application is running. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117697 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Mar 2025 — HCL SX is vulnerable to a cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119437 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Feb 2025 — HCL MyCloud is affected by Improper Access Control, an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks from unauthenticated users. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368 • CWE-269: Improper Privilege Management