Hcltech Verse
By the Year
In 2024 there have been 0 vulnerabilities in Hcltech Verse . Last year Verse had 3 security vulnerabilities published. Right now, Verse is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 5.87 |
| 2022 | 2 | 6.70 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Verse vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Verse Security Vulnerabilities
HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability
CVE-2023-37496
5.4 - Medium
- August 01, 2023
HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
XSS
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability
CVE-2023-28013
6.1 - Medium
- July 26, 2023
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
XSS
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability
CVE-2021-27788
6.1 - Medium
- March 10, 2023
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
XSS
The application was signed using a key length less than or equal to 1024 bits
CVE-2020-4099
7.5 - High
- November 01, 2022
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
Inadequate Encryption Strength
Using the ability to perform a Man-in-the-Middle (MITM) attack
CVE-2021-27768
5.9 - Medium
- May 12, 2022
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.
Improper Certificate Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Verse or by Hcltech? Click the Watch button to subscribe.
