Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Workload Automation by HCL Software
CVE-2023-28009 (GCVE-0-2023-28009)
Vulnerability from cvelistv5 – Published: 2023-04-26 19:38 – Updated: 2025-01-30 21:29
VLAI?
Title
HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
Summary
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Workload Automation |
Affected:
<=9.5.0.6, 10.1.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:29:05.080614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:29:13.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workload Automation",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c=9.5.0.6, 10.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T19:38:54.631Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-28009",
"datePublished": "2023-04-26T19:38:54.631Z",
"dateReserved": "2023-03-10T03:50:27.022Z",
"dateUpdated": "2025-01-30T21:29:13.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28008 (GCVE-0-2023-28008)
Vulnerability from cvelistv5 – Published: 2023-04-26 19:24 – Updated: 2025-01-30 21:29
VLAI?
Title
HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
Summary
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Workload Automation |
Affected:
<=9.5.0.6, 10.1.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:29:25.917052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:29:33.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workload Automation",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c=9.5.0.6, 10.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T19:24:37.974Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-28008",
"datePublished": "2023-04-26T19:24:37.974Z",
"dateReserved": "2023-03-10T03:50:27.022Z",
"dateUpdated": "2025-01-30T21:29:33.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28009 (GCVE-0-2023-28009)
Vulnerability from nvd – Published: 2023-04-26 19:38 – Updated: 2025-01-30 21:29
VLAI?
Title
HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
Summary
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Workload Automation |
Affected:
<=9.5.0.6, 10.1.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:29:05.080614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:29:13.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workload Automation",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c=9.5.0.6, 10.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T19:38:54.631Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-28009",
"datePublished": "2023-04-26T19:38:54.631Z",
"dateReserved": "2023-03-10T03:50:27.022Z",
"dateUpdated": "2025-01-30T21:29:13.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28008 (GCVE-0-2023-28008)
Vulnerability from nvd – Published: 2023-04-26 19:24 – Updated: 2025-01-30 21:29
VLAI?
Title
HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
Summary
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Workload Automation |
Affected:
<=9.5.0.6, 10.1.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:29:25.917052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:29:33.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workload Automation",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c=9.5.0.6, 10.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T19:24:37.974Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104371"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-28008",
"datePublished": "2023-04-26T19:24:37.974Z",
"dateReserved": "2023-03-10T03:50:27.022Z",
"dateUpdated": "2025-01-30T21:29:33.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}