cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-23562,https://securityvulnerability.io/vulnerability/CVE-2024-23562,HCL Domino Security Vulnerability Could Lead to Sensitive Configuration Information Disclosure,"A security vulnerability has been identified in HCL Domino, allowing remote unauthenticated attackers to potentially expose sensitive configuration information. By exploiting this flaw, attackers may gather critical insights to launch further targeted attacks on the affected systems, posing significant risks to data integrity and system security.",Hcl Software,Domino Server,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-07-08T15:57:08.805Z,0
CVE-2024-23576,https://securityvulnerability.io/vulnerability/CVE-2024-23576,"HCL Commerce Security Vulnerability Could Lead to Denial of Service, Data Disclosure, and Unauthorized Admin Access","The security vulnerability identified in specific versions of HCL Commerce can lead to significant risks, including potential denial of service and unauthorized access to sensitive user personal data. This issue affects versions 9.1.12 and 9.1.13, creating opportunities for malicious actors to exploit administrative operations without proper authorization. Organizations utilizing these versions are advised to be aware of the implicated risks and implement mitigation strategies promptly.",Hcl Software,Commerce,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T14:59:00.000Z,0
CVE-2023-45705,https://securityvulnerability.io/vulnerability/CVE-2023-45705,SSRF Exploit Through SMTP Configuration Options,"An administrative user of HCL WebReports can exploit a Server Side Request Forgery (SSRF) vulnerability through specific SMTP configuration options. This issue can lead to unauthorized access and manipulation, posing significant risks to system integrity and data security. Organizations using HCL WebReports should assess their configurations and implement necessary precautions to mitigate potential exploitation.",Hcl Software,Bigfix Platform,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-03-28T14:11:57.835Z,0
CVE-2023-45696,https://securityvulnerability.io/vulnerability/CVE-2023-45696,Sametime Impacted by Autocomplete Feature in Legacy Web Chat Client,"The HCL Sametime Legacy Web Chat Client is vulnerable due to the inappropriate handling of sensitive fields with autocomplete enabled. This vulnerability permits the web browser to store user input data by default, potentially leading to unintended exposure of sensitive information. It is essential for users and administrators to be aware of this issue to implement necessary security measures, such as disabling autocomplete features and sanitizing any sensitive entries made through the client.",HCL Software,HCL Sametime,7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2024-02-10T03:10:30.423Z,0
CVE-2023-45718,https://securityvulnerability.io/vulnerability/CVE-2023-45718,Sametime Sessions Failure: Persistent Cookie Values Cause Security Risks,"In HCL Sametime Web clients, there exists a notable session management issue due to a lack of proper session invalidation. Specifically, sensitive cookie values are being set to persist even after the user terminates their session. This flaw can lead to potential security risks, allowing unauthorized users to potentially exploit valid cookies after a legitimate user's session has ended. Proper handling of session data is crucial to safeguarding user information and maintaining application integrity.",HCL Software,HCL Sametime,7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2024-02-09T21:22:09.163Z,0
CVE-2023-50349,https://securityvulnerability.io/vulnerability/CVE-2023-50349,Sametime Vulnerable to CSRF Attacks,"HCL Sametime Proxy is subject to a Cross Site Request Forgery (CSRF) vulnerability that affects certain REST APIs. This flaw allows attackers to perform unauthorized actions through the application, potentially compromising user data or application integrity. Implementing security measures to mitigate the risk associated with CSRF attacks is essential for safeguarding the interests of users and maintaining the stability of the application. Organizations using HCL Sametime Proxy should be proactive in applying patches and conducting security assessments to protect against this type of vulnerability.",HCL Software,HCL Sametime,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-09T20:15:03.715Z,0
CVE-2023-37518,https://securityvulnerability.io/vulnerability/CVE-2023-37518,A code injection vulnerability affects HCL BigFix ServiceNow Data Flow,"HCL BigFix ServiceNow has a vulnerability that permits arbitrary code injection through which an authorized attacker can execute malicious code in the context of the running user. This attack vector may allow the attacker to manipulate the application's functionality or gain unauthorized access to sensitive data. Organizations utilizing HCL BigFix ServiceNow are advised to implement security measures to mitigate potential risks associated with this vulnerability.",HCL Software,BigFix ServiceNow Data Flow,8.8,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2024-01-30T15:30:50.913Z,0
CVE-2023-37523,https://securityvulnerability.io/vulnerability/CVE-2023-37523,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix OSD Bare Metal Server WebUI is susceptible to security issues stemming from missing or improperly configured tags. This vulnerability enables potential attackers to exploit the system by executing malicious scripts in the context of the user's browser, which could lead to unauthorized actions or the compromise of sensitive data. Users utilizing version 311.19 or lower of this product should be aware of the risks associated with this flaw and take appropriate measures to mitigate potential threats.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0017000000225380063,false,,false,false,false,,,false,false,,2024-01-16T17:33:01.755Z,0
CVE-2023-37522,https://securityvulnerability.io/vulnerability/CVE-2023-37522,HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags,"The HCL BigFix OSD Bare Metal Server WebUI up to version 311.19 contains vulnerabilities related to insecure or missing tags. This security flaw could be exploited by attackers, allowing them to inject and execute malicious scripts in the context of the user’s browser. Such vulnerabilities highlight the importance of addressing security best practices in web application development to safeguard against potential exploits that could compromise user data and system integrity.",HCL Software,HCL BigFix OSD Bare Metal Server WebUI,9.8,CRITICAL,0.0017000000225380063,false,,false,false,false,,,false,false,,2024-01-16T15:59:35.415Z,0
CVE-2023-45722,https://securityvulnerability.io/vulnerability/CVE-2023-45722,Path Traversal Arbitrary File Read affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is prone to a path traversal vulnerability that allows for arbitrary file reading. This issue arises due to the application's method of handling external input when constructing file paths, particularly those intended to be confined within a restricted parent directory. The vulnerability stems from inadequate neutralization of special characters in the input, which enables attackers to craft malicious pathnames. If exploited, the attacker could potentially access sensitive files located beyond the intended directory boundaries, which may lead to significant disruptions and unauthorized control over the application.",HCL Software,DRYiCE MyXalytics,8.8,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-50342,https://securityvulnerability.io/vulnerability/CVE-2023-50342,Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics has a vulnerability related to Insecure Direct Object Reference (IDOR), which allows a user to gain unauthorized access to information about other users due to inadequate access control mechanisms. This weakness can lead to information disclosure, wherein sensitive user details are exposed, highlighting the critical need for robust access controls and user data protection strategies.",Hcl Software,Dryice Myxalytics,7.1,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-45723,https://securityvulnerability.io/vulnerability/CVE-2023-45723,Path Traversal which allows file upload capability affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics contains a path traversal vulnerability that enables unauthorized file uploads. This vulnerability arises from certain endpoints that allow users to manipulate the path and filename for stored files on the server. This can lead to potential unauthorized access and compromise of sensitive data if exploited. Users of HCL DRYiCE MyXalytics are advised to assess their environments and implement appropriate security measures to mitigate the risks associated with this vulnerability.",HCL Software,DRYiCE MyXalytics,7.6,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-50343,https://securityvulnerability.io/vulnerability/CVE-2023-50343,Improper Access Control (Controller APIs) affects DRYiCE MyXalytics,"The HCL DRYiCE MyXalytics product is affected by an improper access control vulnerability, specifically in the Controller APIs. This flaw permits Customer Admin Users to access certain API endpoints that should remain protected, potentially exposing sensitive information related to other users. This vulnerability underlines the importance of stringent access controls and API security measures within the application to safeguard confidential data and maintain user privacy.",HCL Software,DRYiCE MyXalytics,8.3,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-45724,https://securityvulnerability.io/vulnerability/CVE-2023-45724,Unauthenticated File Upload affects DRYiCE MyXalytics,"The HCL DRYiCE MyXalytics product is susceptible to an unauthenticated file upload vulnerability that allows malicious actors to upload arbitrary files to the web application. This weakness arises from inadequate authentication mechanisms, enabling attackers to bypass security controls and potentially manipulate the server or access sensitive data. Organizations using this product should assess their configurations and take immediate action to mitigate the risk associated with unauthorized file uploads.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-50341,https://securityvulnerability.io/vulnerability/CVE-2023-50341,Improper Access Control affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is affected by an improper access control vulnerability that arises from the presence of obsolete web pages. This flaw allows unauthorized access to outdated and potentially sensitive information. The absence of adequate access control measures could inadvertently expose users to risks associated with data leaks and the exploitation of vulnerable endpoints, leading to further security compromises. Vigilant management of web resources and timely patches are essential to mitigate these risks.",HCL Software,DRYiCE MyXalytics,7.6,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2024-01-03T03:15:00.000Z,0
CVE-2023-50351,https://securityvulnerability.io/vulnerability/CVE-2023-50351,Insecure key rotation affects MyXalytics,"HCL DRYiCE MyXalytics is affected by a security vulnerability stemming from the use of an insecure key rotation mechanism. This vulnerability can potentially allow attackers to compromise the confidentiality and integrity of sensitive data within the product, highlighting a significant risk for organizations relying on HCL's solutions. Proper key management practices are essential to mitigate the risk associated with this issue and to ensure data protection.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2024-01-03T02:15:00.000Z,0
CVE-2023-50350,https://securityvulnerability.io/vulnerability/CVE-2023-50350,A broken cryptographic algorithm impacts MyXalytics,"HCL DRYiCE MyXalytics exhibits a vulnerability due to the implementation of a broken cryptographic algorithm. This flaw could potentially allow attackers to decrypt sensitive information, which poses a significant risk to data confidentiality. Organizations utilizing this product should assess their exposure and take necessary actions to mitigate the risk associated with this vulnerability.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2024-01-03T02:15:00.000Z,0
CVE-2023-37520,https://securityvulnerability.io/vulnerability/CVE-2023-37520,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored cross-site scripting (XSS) vulnerability has been identified in BigFix Server version 9.5.12.68. This vulnerability resides in the Gather Status Report feature, which is served by the BigFix Relay. Attackers could exploit this XSS vulnerability to execute arbitrary scripts in the context of an affected user’s browser, leading to potential data exfiltration and unauthorized access to sensitive information. Proper remediation measures are essential to mitigate the risks associated with this vulnerability.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-21T23:15:00.000Z,0
CVE-2023-37519,https://securityvulnerability.io/vulnerability/CVE-2023-37519,HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS),"An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Download Status Report feature of the BigFix Server. Attackers can exploit this vulnerability to inject malicious scripts that can be executed in the context of a user's browser, potentially leading to data manipulation and exposure. Immediate action is recommended to secure affected instances and mitigate the risk of exploitation.",HCL Software,HCL BigFix Platform,7.7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-21T22:15:00.000Z,0
CVE-2023-37503,https://securityvulnerability.io/vulnerability/CVE-2023-37503,A weak password requirements vulnerability affects HCL Compass,"HCL Compass is susceptible to inadequate password requirements, allowing attackers to easily guess passwords. This vulnerability could lead to unauthorized access to user accounts, posing significant risks to data integrity and confidentiality.",Hcl Software,Hcl Compass,8.1,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2023-10-19T03:15:00.000Z,0
CVE-2023-37504,https://securityvulnerability.io/vulnerability/CVE-2023-37504,An insufficient session expiration vulnerability affects HCL Compass,"HCL Compass features a significant vulnerability associated with session management, where authenticated sessions remain active even after the logout function is executed. This flaw allows an attacker to exploit session identifiers, facilitating replay attacks that enable user impersonation within the application. It is crucial for organizations using HCL Compass to address this vulnerability promptly to enhance their security posture.",Hcl Software,Hcl Compass,7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-10-19T01:15:00.000Z,0
CVE-2023-37502,https://securityvulnerability.io/vulnerability/CVE-2023-37502,An unrestricted file upload vulnerability affects HCL Compass,"HCL Compass has a file upload vulnerability that allows attackers to bypass security measures when uploading files. By exploiting this flaw, an attacker can potentially upload files containing executable code, leading to unauthorized code execution on the server or within a user's web browser. This could result in significant security risks, including data breaches or system compromise.",Hcl Software,Hcl Compass,9,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-18T23:15:00.000Z,0
CVE-2023-37537,https://securityvulnerability.io/vulnerability/CVE-2023-37537,HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability,"An unquoted service path vulnerability exists in HCL AppScan Presence, which is deployed as a Windows service in HCL AppScan on Cloud (ASoC). This flaw may allow local attackers to execute malicious code with elevated privileges, potentially compromising the security of the affected system. Proper configuration and strict control measures are essential to mitigate the risks associated with this vulnerability.",Hcl Software,Hcl Appscan Presence,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-17T15:15:00.000Z,0
CVE-2023-37538,https://securityvulnerability.io/vulnerability/CVE-2023-37538,HCL Digital Experience is susceptible to cross site scripting (XSS),"HCL Digital Experience is vulnerable to a reflected cross site scripting (XSS) attack. This vulnerability allows an attacker to craft a malicious URL, which, when clicked by a victim, can lead to the execution of unintended scripts in the context of the user's session. The attacker may use various delivery mechanisms, such as email or third-party websites, to lure victims into opening the harmful link. This could result in unauthorized access to sensitive information or further exploitation of the web application.",Hcl Software,Digital Experience,9.3,CRITICAL,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-10-11T13:15:00.000Z,0
CVE-2023-37536,https://securityvulnerability.io/vulnerability/CVE-2023-37536,HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3,"An integer overflow vulnerability has been identified in the BigFix Platform, specifically in version 3.2.3 of xerces-c++. This vulnerability could be exploited by remote attackers, allowing them to induce out-of-bound access via crafted HTTP requests. Such an attack could potentially compromise the security and integrity of systems utilizing this specific version of BigFix Platform.",HCL Software,Bigfix Platform,8.2,HIGH,0.021649999544024467,false,,false,false,false,,,false,false,,2023-10-11T07:15:00.000Z,0