
CVE-2024-30117 – HCL BigFix Platform is affected by a DLL Hijack vulnerability
https://notcve.org/view.php?id=CVE-2024-30117
14 Oct 2024 — A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-30118 – HCL Connections is susceptible to a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30118
09 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
08 Jul 2024 — This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available. A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information and launch further attacks against the affected system. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-23588 – A denial of service vulnerability affects HCL Nomad server on Domino
https://notcve.org/view.php?id=CVE-2024-23588
05 Jul 2024 — HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 •

CVE-2023-37539 – HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-37539
06 Jun 2024 — The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-23556 – HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation
https://notcve.org/view.php?id=CVE-2024-23556
17 May 2024 — SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 •

CVE-2024-23554 – HCL BigFix Platform is susceptible to Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-23554
17 May 2024 — Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-23583 – HCL BigFix Platform is susceptible to insufficiently protected credentials
https://notcve.org/view.php?id=CVE-2024-23583
17 May 2024 — An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-37526 – HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-37526
10 May 2024 — HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113032 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •

CVE-2024-23551 – HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint
https://notcve.org/view.php?id=CVE-2024-23551
07 May 2024 — Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963 • CWE-522: Insufficiently Protected Credentials •