hcltech

410 tracked vulnerabilities.

CVE-2025-31983 LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header
May 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-31982 LOW
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl
May 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-31978 MEDIUM
HCL BigFix Service Management (SM) does not adequately sanitize or safely render
May 06, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-31976 MEDIUM
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials
May 06, 2026
CVSS 4.8
EPSS 0.00
CVE-2025-31975 LOW
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.
May 06, 2026
CVSS 2.6
EPSS 0.00
CVE-2025-31959 LOW
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.
May 06, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-31957 LOW
HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.
May 06, 2026
CVSS 2.6
EPSS 0.00
CVE-2025-59854 LOW
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
May 06, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-59853 LOW
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability
May 06, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-59852 LOW
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability
May 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-59851 LOW
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
May 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-31970 MEDIUM
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-31981 MEDIUM
HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption
Apr 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-31958 LOW
HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
Apr 21, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52641 LOW
Internal Filesystem Exploration vulnerability
Apr 15, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-31991 MEDIUM
HCL DevOps Velocity is susceptible to brute-force attacks
Apr 13, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-55264 MEDIUM
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change
Mar 26, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55263 HIGH
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data
Mar 26, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-55262 HIGH
HCL Aftermarket DPC is affected by SQL Injection
Mar 26, 2026
CVSS 8.3
EPSS 0.00
CVE-2025-55261 HIGH
HCL Aftermarket DPC is affected by Missing Functional Level Access Control
Mar 26, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-55277 LOW
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability
Mar 26, 2026
CVSS 2.6
EPSS 0.00
CVE-2025-55276 LOW
HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability
Mar 26, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55275 LOW
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability
Mar 26, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-55274 LOW
HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability
Mar 26, 2026
CVSS 2.6
EPSS 0.00
CVE-2025-55273 MEDIUM
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability
Mar 26, 2026
CVSS 4.3
EPSS 0.00