
CVE-2024-42191 – HCL Traveler for Microsoft Outlook (HTMO) is susceptible to COM hijacking
https://notcve.org/view.php?id=CVE-2024-42191
30 May 2025 — HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120745 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-42190 – HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking
https://notcve.org/view.php?id=CVE-2024-42190
30 May 2025 — HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120744 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-42213 – HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment
https://notcve.org/view.php?id=CVE-2024-42213
05 May 2025 — HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 • CWE-531: Inclusion of Sensitive Information in Test Code •

CVE-2024-42212 – HCL BigFix Compliance is affected by an improper or missing SameSite attribute
https://notcve.org/view.php?id=CVE-2024-42212
05 May 2025 — HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •

CVE-2024-30152 – HCL SX is affected by usage of a weak cryptographic algorithm
https://notcve.org/view.php?id=CVE-2024-30152
25 Apr 2025 — HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120735 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2023-37516 – HCL Leap is affected by missing "no cache" headers
https://notcve.org/view.php?id=CVE-2023-37516
24 Apr 2025 — Missing "no cache" headers in HCL Leap permits user directory information to be cached. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-524: Use of Cache Containing Sensitive Information •

CVE-2024-30127 – HCL Leap is affected by missing "no cache" headers
https://notcve.org/view.php?id=CVE-2024-30127
24 Apr 2025 — Missing "no cache" headers in HCL Leap permits sensitive data to be cached. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-524: Use of Cache Containing Sensitive Information •

CVE-2023-37534 – HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-37534
24 Apr 2025 — Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-45720 – HCL Leap is affected by a disclosure of private personal information vulnerability
https://notcve.org/view.php?id=CVE-2023-45720
24 Apr 2025 — Insufficient default configuration in HCL Leap allows anonymous access to directory information. Insufficient default configuration in HCL Leap allows anonymous access to directory information. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2024-30113 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30113
24 Apr 2025 — Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •