HCL Software — Vulnerabilities & Security Advisories (330)

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-44756 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation | BigFix Insights for Vulnerability Remediation | | 6.4 | Medium | 2022-12-19 |
| CVE-2022-42454 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper certificate validation | BigFix Insights for Vulnerability Remediation | | 6.4 | Medium | 2022-12-19 |
| CVE-2022-42453 | HCL BigFix Platform is affected by insufficient warnings | BigFix Platform | | 6.9 | Medium | 2022-12-17 |
| CVE-2022-38659 | HCL BigFix Platform is affected by insecure credential storage | BigFix Platform | | 6.0 | Medium | 2022-12-17 |
| CVE-2022-44754 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | Domino | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-44752 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView | Domino | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-44750 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | Domino | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-44755 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView | Notes | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-44753 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView | Notes | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-44751 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView | Notes | | 9.8 | Critical | 2022-12-17 |
| CVE-2022-38653 | HCL Digital Experience is susceptible to cross-site scripting (XSS) | HCL Digital Experience | | 2.0 | Low | 2022-12-15 |
| CVE-2022-38662 | HCL Digital Experience is susceptible to open redirects | HCL Digital Experience | | 6.1 | Medium | 2022-12-15 |
| CVE-2022-42446 | HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access | HCL Sametime | | 6.5 | Medium | 2022-11-30 |
| CVE-2022-42445 | HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445) | HCL Launch | | 4.9 | Medium | 2022-11-28 |
| CVE-2022-38656 | HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability | HCL Commerce | | 8.6 | High | 2022-11-04 |
| CVE-2022-38661 | HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager | HCL Workload Automation | | 6.2 | Medium | 2022-11-04 |
| CVE-2022-38654 | HCL Domino is susceptible to an information disclosure vulnerability | HCL Domino | CWE-200 | 5.5 | Medium | 2022-11-04 |
| CVE-2022-38660 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability | HCL Domino | CWE-352 | 8.3 | High | 2022-11-04 |
| CVE-2020-4099 | HCL Verse for Android is susceptible to an APK signing key check vulnerability | HCL Verse for Android | CWE-326 | 5.9 | Medium | 2022-11-01 |
| CVE-2021-27784 | HCL Launch container images may contain non-unique https certificates and database encryption key | HCL Launch | CWE-327 | 5.9 | Medium | 2022-10-31 |
| CVE-2021-27774 | An injection vulnerability affects HCL Digital Experience | HCL Digital Experience | CWE-209 | 3.1 | Low | 2022-09-22 |
| CVE-2022-27561 | HCL Traveler is susceptible to a Reflected Cross-Site Scripting vulnerability in the web admin (LotusTraveler.nsf) | HCL Traveler | CWE-79 | 7.5 | High | 2022-09-15 |
| CVE-2022-27563 | Overload/denial of service affects HCL VersionVault Express | HCL VersionVault Express | CWE-754 | 7.5 | High | 2022-08-30 |
| CVE-2022-27560 | An insufficiently protected credential vulnerability affects HCL VersionVault Express | HCL VersionVault Express | CWE-522 | 6.0 | Medium | 2022-08-30 |
| CVE-2022-27558 | HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. | HCL iNotes | CWE-521 | 5.9 | Medium | 2022-08-29 |
| CVE-2022-27547 | HCL iNotes is susceptible to a link to non-existent domain vulnerability. | HCL iNotes | CWE-601 | 6.1 | Medium | 2022-08-29 |
| CVE-2022-27546 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability | HCL iNotes | CWE-79 | 8.3 | High | 2022-08-29 |
| CVE-2022-27551 | HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551) | HCL Launch | CWE-863 | 5.3 | Medium | 2022-08-03 |
| CVE-2021-27785 | HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785) | HCL Commerce | CWE-522 | 3.9 | Low | 2022-07-29 |
| CVE-2022-27545 | HCL BigFix Web Reports authorized users may perform HTML injection. | HCL BigFix | CWE-79 | 4.6 | Medium | 2022-07-19 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.