HCL Software — Vulnerabilities & Security Advisories 330

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31974 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only | BigFix Service Management (SM) | CWE-1188 | 3.9 | Low | 2026-05-06 |
| CVE-2025-31976 | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials | BigFix Service Management (SM) | CWE-200 | 4.8 | Medium | 2026-05-06 |
| CVE-2025-31978 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render | BigFix Service Management (SM) | CWE-201 | 4.6 | Medium | 2026-05-06 |
| CVE-2025-31959 | HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. | BigFix Service Management (SM) | CWE-1230 | 3.5 | Low | 2026-05-06 |
| CVE-2025-31982 | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl | BigFix Service Management (SM) | CWE-200 | 3.7 | Low | 2026-05-06 |
| CVE-2025-31957 | HCL BigFix Service Management (SM) is affected by a Cross-Site Request Forgery (CSRF) vulnerability. | BigFix Service Management (SM) | CWE-352 | 2.6 | Low | 2026-05-06 |
| CVE-2025-59873 | Session Token Exposure via URL Query Parameters | ZIE for Web | | 5.9 | Medium | 2026-02-23 |
| CVE-2025-55252 | HCL AION is affected by a Weak Password Policy vulnerability | AION | CWE-521 | 3.1 | Low | 2026-01-19 |
| CVE-2025-55250 | HCL AION is affected by a Technical Error Disclosure vulnerability | AION | CWE-209 | 1.8 | Low | 2026-01-19 |
| CVE-2025-52661 | HCL AION security vulnerability | AION | CWE-613 | 2.4 | Low | 2026-01-19 |
| CVE-2025-55249 | HCL AION is affected by a Missing Security Response Headers vulnerability. | AION | CWE-693 | 3.5 | Low | 2026-01-19 |
| CVE-2025-52659 | HCL AION is affected by a Cacheable HTTP Response vulnerability | AION | CWE-525 | 2.8 | Low | 2026-01-19 |
| CVE-2025-52660 | HCL AION is affected by a Host Header Injection vulnerability | AION | CWE-644 | 2.7 | Low | 2026-01-19 |
| CVE-2025-55251 | HCL AION is affected by an Unrestricted File Upload vulnerability | AION | CWE-434 | 3.1 | Low | 2026-01-19 |
| CVE-2025-59870 | Improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk | MyXalytics | | 7.4 | High | 2026-01-16 |
| CVE-2025-55254 | HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI) | BigFix Remote Control | CWE-601 | 3.7 | Low | 2025-12-17 |
| CVE-2025-59849 | HCL BigFix Remote Control is vulnerable to an insecure CSP configuration | BigFix Remote Control | CWE-1021 | 4.7 | Medium | 2025-12-17 |
| CVE-2025-62329 | HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability | DevOps Deploy / Launch | CWE-613 | 5.0 | Medium | 2025-12-16 |
| CVE-2025-62330 | HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information | DevOps Deploy | CWE-319 | 5.9 | Medium | 2025-12-16 |
| CVE-2024-42197 | HCL Workload Scheduler is vulnerable to plain text storage of a password | Workload Scheduler | CWE-256 | 5.5 | Medium | 2025-12-11 |
| CVE-2025-52622 | HCL BigFix SaaS Remediate is affected by a security vulnerability | BigFix SaaS Remediate | CWE-1188 | 5.4 | Medium | 2025-12-02 |
| CVE-2025-0248 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability, | iNotes | CWE-20 | 8.1 | High | 2025-11-25 |
| CVE-2025-62346 | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability | Glovius Cloud | CWE-352 | 6.8 | Medium | 2025-11-20 |
| CVE-2025-52639 | HCL Connections is vulnerable to sensitive information disclosure | Connections | CWE-201 | 3.5 | Low | 2025-11-18 |
| CVE-2025-55278 | HCL DevOps Loop is susceptible to an improper authentication vulnerability | DevOps Loop | CWE-613 | 8.1 | High | 2025-11-05 |
| CVE-2025-31954 | HCL iAutomate is susceptible to a sensitive information disclosure | iAutomate | CWE-598 | 5.4 | Medium | 2025-11-05 |
| CVE-2025-52602 | HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application | BigFix Query | CWE-359 | 4.2 | Medium | 2025-11-05 |
| CVE-2024-42192 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage | Traveler for Microsoft Outlook | CWE-522 | 5.5 | Medium | 2025-10-16 |
| CVE-2025-0277 | HCL BigFix Mobile is affected by an insecure Content Security Policy (CSP) | BigFix Mobile | CWE-693 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-0276 | HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP) | BigFix Modern Client Management | CWE-693 | 6.5 | Medium | 2025-10-16 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.