Filtered by vendor Hcltech
Subscriptions
Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0251 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | 2.6 Low |
| HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks. | ||||
| CVE-2025-0249 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | 3.3 Low |
| HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without authorization. | ||||
| CVE-2025-0250 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | 2.2 Low |
| HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks. | ||||
| CVE-2025-0252 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | 2.6 Low |
| HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit. | ||||
| CVE-2025-0253 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | 2 Low |
| HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities. | ||||
| CVE-2024-42193 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | 8.1 High |
| HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access. | ||||
| CVE-2024-42200 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | 5.4 Medium |
| HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input. | ||||
| CVE-2024-42189 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | 6.5 Medium |
| HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. | ||||
| CVE-2025-52653 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 7.6 High |
| HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. | ||||
| CVE-2025-52656 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 7.6 High |
| HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields. | ||||
| CVE-2025-0280 | 1 Hcltech | 1 Compass | 2025-09-04 | 7.5 High |
| A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | ||||
| CVE-2025-31988 | 1 Hcltech | 1 Digital Experience | 2025-08-21 | 4.9 Medium |
| HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. | ||||
| CVE-2025-31987 | 1 Hcltech | 1 Connections Docs | 2025-08-16 | 4.8 Medium |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. | ||||
| CVE-2025-31965 | 1 Hcltech | 1 Bigfix Remote Control | 2025-07-31 | 8.2 High |
| Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages. | ||||
| CVE-2024-30154 | 1 Hcltech | 1 Hcl Sx | 2025-07-03 | 5.3 Medium |
| HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2023-50351 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-18 | 8.2 High |
| HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | ||||
| CVE-2023-50350 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-18 | 8.2 High |
| HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | ||||
| CVE-2023-50348 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-18 | 3.1 Low |
| HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. | ||||
| CVE-2023-50346 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-18 | 3.1 Low |
| HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | ||||
| CVE-2023-50344 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-18 | 5.4 Medium |
| HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | ||||