Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters.
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints throug
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data
A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system use
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return