Filtered by vendor Hcltech
Subscribe
Total
338 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | N/A | 6.1 MEDIUM |
|
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.
|
|||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-02-20 | N/A | 3.5 LOW |
|
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
|
|||||
| CVE-2023-37525 | 1 Hcltech | 1 Bigfix Compliance | 2026-02-12 | N/A | 5.3 MEDIUM |
|
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.
|
|||||
| CVE-2025-52623 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.7 LOW |
|
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
|
|||||
| CVE-2025-52628 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 4.6 MEDIUM |
|
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
|
|||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.7 LOW |
|
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
|
|||||
| CVE-2025-52633 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.1 LOW |
|
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
|
|||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 4.5 MEDIUM |
|
A Potential Command Injection vulnerability in HCL AION.
An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
|
|||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 5.5 MEDIUM |
|
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.
|
|||||
| CVE-2025-52629 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 3.7 LOW |
|
HCL AION is susceptible to Missing Content-Security-Policy.
An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.
|
|||||
| CVE-2025-55251 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 3.1 LOW |
|
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
|
|||||
| CVE-2025-55249 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 3.5 LOW |
|
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.
|
|||||
| CVE-2025-52661 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 2.4 LOW |
|
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
|
|||||
| CVE-2025-52660 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 2.7 LOW |
|
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
|
|||||
| CVE-2025-52659 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 2.8 LOW |
|
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
|
|||||
| CVE-2025-55252 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 3.1 LOW |
|
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access
|
|||||
| CVE-2025-55250 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 1.8 LOW |
|
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
|
|||||
| CVE-2025-59870 | 1 Hcltech | 1 Myxalytics | 2026-01-23 | N/A | 7.4 HIGH |
|
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk
|
|||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-22 | N/A | 2.9 LOW |
|
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
|
|||||
| CVE-2025-31964 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-21 | N/A | 2.2 LOW |
|
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
|
|||||
| CVE-2025-31962 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-12 | N/A | 2.0 LOW |
|
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
|
|||||
| CVE-2023-37540 | 1 Hcltech | 1 Sametime | 2026-01-09 | N/A | 3.9 LOW |
|
Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.
|
|||||
| CVE-2024-30150 | 1 Hcltech | 1 Dryice Mycloud | 2026-01-09 | N/A | 5.3 MEDIUM |
|
HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from unauthenticated users.
|
|||||
| CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 5.9 MEDIUM |
|
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
|
|||||
| CVE-2024-23554 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 5.7 MEDIUM |
|
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).
|
|||||
| CVE-2024-23583 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2026-01-08 | N/A | 6.7 MEDIUM |
|
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.
|
|||||
| CVE-2024-30124 | 1 Hcltech | 1 Sametime | 2026-01-08 | N/A | 4.0 MEDIUM |
|
HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.
|
|||||
| CVE-2023-45706 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 2.0 LOW |
|
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.
|
|||||
| CVE-2023-45715 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 3.5 LOW |
|
The console may experience a service interruption when processing file names with invalid characters.
|
|||||
| CVE-2024-30149 | 1 Hcltech | 1 Appscan Source | 2026-01-08 | N/A | 4.8 MEDIUM |
|
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
|
|||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-12-31 | N/A | 4.1 MEDIUM |
|
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
|
|||||
| CVE-2025-63401 | 1 Hcltech | 1 Dragon | 2025-12-18 | N/A | 5.5 MEDIUM |
|
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives
|
|||||
| CVE-2025-63402 | 1 Hcltech | 1 Dragon | 2025-12-18 | N/A | 5.5 MEDIUM |
|
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests
|
|||||
| CVE-2025-51736 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 6.3 MEDIUM |
|
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
|
|||||
| CVE-2025-51735 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 7.5 HIGH |
|
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
|
|||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
|
|||||
| CVE-2025-51733 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 5.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
|
|||||
| CVE-2024-23563 | 1 Hcltech | 1 Connections Docs | 2025-11-25 | N/A | 3.9 LOW |
|
HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
|
|||||
| CVE-2025-31987 | 1 Hcltech | 1 Connections Docs | 2025-11-21 | N/A | 4.8 MEDIUM |
|
HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.
|
|||||
| CVE-2025-52639 | 1 Hcltech | 1 Connections | 2025-11-20 | N/A | 3.5 LOW |
|
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
|
|||||