Filtered by vendor Hcltech
Subscriptions
Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30128 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 8.6 High |
| HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. | ||||
| CVE-2024-30134 | 1 Hcltech | 2 Traveler, Traveler For Microsoft Outlook | 2025-10-30 | 6.7 Medium |
| The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. | ||||
| CVE-2024-30132 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 3.7 Low |
| HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-30133 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | 5.3 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. | ||||
| CVE-2024-42190 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | 6.5 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | ||||
| CVE-2024-42191 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | 6.5 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | ||||
| CVE-2024-30155 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | 5.5 Medium |
| HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF). | ||||
| CVE-2025-52618 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | 4.3 Medium |
| HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. | ||||
| CVE-2025-52619 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | 5.3 Medium |
| HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform. | ||||
| CVE-2025-52620 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | 4.3 Medium |
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | ||||
| CVE-2025-52621 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | 5.3 Medium |
| HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning. | ||||
| CVE-2024-42192 | 1 Hcltech | 2 Traveler, Traveler For Microsoft Outlook | 2025-10-29 | 5.5 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications. | ||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 5.3 Medium |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | ||||
| CVE-2025-31972 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 6.5 Medium |
| HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | ||||
| CVE-2025-31993 | 1 Hcltech | 2 Unica, Unica Centralized Offer Management | 2025-10-29 | 3.5 Low |
| HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server. | ||||
| CVE-2025-31997 | 1 Hcltech | 2 Unica, Unica Centralized Offer Management | 2025-10-29 | 4.2 Medium |
| HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files. | ||||
| CVE-2025-31998 | 1 Hcltech | 2 Unica, Unica Centralized Offer Management | 2025-10-29 | 3.5 Low |
| HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service. | ||||
| CVE-2024-42209 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data. | ||||
| CVE-2024-42208 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2023-37541 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | ||||