hcltech

395 tracked vulnerabilities.

CVE-2025-52632 MEDIUM
HCL AION 2.0 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Oct 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52630 LOW
HCL AION 2.0 - Exposure of Sensitive Information to an Unauthorized Actor
Oct 10, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-52658 LOW
HCL MyXalytics - Info Disclosure
Oct 03, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-52656 HIGH
HCL MyXalytics: 6.6 - Info Disclosure
Oct 03, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-52654 MEDIUM
HCL MyXalytics 6.6 - HTML Injection
Oct 03, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-52653 HIGH
HCL MyXalytics - Cross-Site Scripting
Oct 03, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-31977 MEDIUM
HCL BigFix SM - Cryptographic Weakness via Weak Encryption Algorithms
Aug 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-31972 MEDIUM
HCL BigFix SM - Sensitive Information Exposure via Cleartext Internal Connections
Aug 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-31988 MEDIUM
HCL Digital Experience - Stored Cross-Site Scripting in Administrative UI
Aug 19, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-52621 MEDIUM
HCL BigFix SaaS < 8.1.14 - Cache Poisoning via Origin Header Reflection
Aug 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-52620 MEDIUM
HCL BigFix SaaS < 8.1.14 - Cross-Site Scripting via Image Upload
Aug 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-52619 MEDIUM
HCL BigFix SaaS < 8.1.14 - Sensitive Information Disclosure in Authentication Service Error Messages
Aug 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-52618 MEDIUM
HCL BigFix SaaS < 8.1.14 - SQL Injection
Aug 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31961 LOW
HCL Connections - Unauthorized Data Update via Broken Access Control
Aug 15, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-31987 MEDIUM
HCL Connections Docs - Denial of Service via Document Upload Validation Bypass
Aug 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-0253 LOW
HCL IntelliOps Event Management - Session Fixation via Insecure Cookie Attributes
Jul 25, 2025
CVSS 2.0
EPSS 0.00
CVE-2025-0252 LOW
HCL IntelliOps Event Management - Cleartext Transmission of Sensitive Information
Jul 25, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-0251 LOW
HCL IntelliOps Event Management - Concurrent Session Vulnerability
Jul 25, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-0250 LOW
HCL IntelliOps Event Management - Cleartext Transmission of Sensitive Information via Cookie
Jul 25, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-0249 LOW
HCL IntelliOps Event Management - Improper JWT Token Invalidation
Jul 25, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-31955 HIGH
HCL iAutomate - Exposure of Sensitive Information to an Unauthorized Actor
Jul 24, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-31953 HIGH
HCL iAutomate - Use of Hard-coded Credentials
Jul 24, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-31952 HIGH
HCL iAutomate - Insufficient Session Expiration
Jul 24, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-0279 MEDIUM
HCL Traveler < 14.0.0.1 - Sensitive Information Exposure via Error Messages
Apr 03, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0278 MEDIUM
HCL Traveler < 14.0.0.1 - Internal Path Disclosure in Windows Application
Apr 03, 2025
CVSS 4.3
EPSS 0.00
Products
bigfix_platform 33 dryice_myxalytics 31 aion 29 connections 22 domino 22 bigfix_service_management 18 aftermarket_cloud 17 sametime 17 unica 17 hcl_leap 11 notes 11 bigfix_mobile 10 bigfix_compliance 9 domino_leap 9 appscan 8 digital_experience 8 bigfix_webui 7 hcl_inotes 7 bigfix_modern_client_management 6 dryice_iautomate 6 traveler 6 bigfix_insights_for_vulnerability_remediation 5 dfxanalytics 5 intelliops_event_management 5 traveler_for_microsoft_outlook 5 verse 5 bigfix_saas 4 dryice_aex 4 hcl_compass 4 hcl_digital_experience 4
Quick Filters
Critical CVEs With Exploits In CISA KEV