
HCL Software — Vulnerabilities & Security Advisories (330)

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-0252 | HCL IEM is affected by a password in cleartext vulnerability | IEM | CWE-319 | 2.6 | Low | 2025-07-25 |
| CVE-2025-0251 | HCL IEM is affected by a concurrent login vulnerability | IEM | CWE-384 | 2.6 | Low | 2025-07-25 |
| CVE-2025-0250 | HCL IEM is affected by an authorization token sent in cookie vulnerability | IEM | CWE-319 | 2.2 | Low | 2025-07-24 |
| CVE-2025-0249 | HCL IEM is affected by an improper invalidation of access or JWT token vulnerability | IEM | CWE-287 | 3.3 | Low | 2025-07-24 |
| CVE-2025-31952 | HCL iAutomate is affected by an insufficient session expiration | iAutomate | CWE-613 | 7.1 | High | 2025-07-24 |
| CVE-2025-31955 | HCL iAutomate is affected by a sensitive data exposure vulnerability | iAutomate | CWE-200 | 7.6 | High | 2025-07-24 |
| CVE-2025-31953 | HCL iAutomate is affected by hardcoded credentials | iAutomate | CWE-798 | 7.1 | High | 2025-07-24 |
| CVE-2024-42209 | HCL Connections is vulnerable to an information disclosure vulnerability | Connections | CWE-200 | 3.5 | Low | 2025-07-17 |
| CVE-2024-42191 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to COM hijacking | HCL Traveler for Microsoft Outlook (HTMO) | CWE-427 | 6.5 | Medium | 2025-05-30 |
| CVE-2024-42190 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking | HCL Traveler for Microsoft Outlook (HTMO) | CWE-427 | 6.5 | Medium | 2025-05-30 |
| CVE-2024-23589 | HCL Glovius Cloud is susceptible to an Outdated Hash Algorithm vulnerability | HCL Glovius Cloud | CWE-328 | 6.8 | Medium | 2025-05-30 |
| CVE-2024-42213 | HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment | HCL BigFix Compliance | CWE-531 | 5.3 | Medium | 2025-05-05 |
| CVE-2024-42212 | HCL BigFix Compliance is affected by an improper or missing SameSite attribute | HCL BigFix Compliance | CWE-1275 | 5.4 | Medium | 2025-05-05 |
| CVE-2024-30146 | HCL Domino Leap is affected by improper access control | HCL Domino Leap | CWE-284 | 4.1 | Medium | 2025-04-30 |
| CVE-2024-30145 | HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability | HCL Domino Leap | CWE-79 | 6.5 | Medium | 2025-04-30 |
| CVE-2024-30115 | HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability | HCL Domino Leap | CWE-79 | 6.3 | Medium | 2025-04-30 |
| CVE-2023-45721 | HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability | HCL Domino Leap | CWE-359 | 5.3 | Medium | 2025-04-30 |
| CVE-2023-37535 | HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability | HCL Domino Leap | CWE-79 | 7.1 | High | 2025-04-30 |
| CVE-2023-37517 | HCL Domino Volt and Domino Leap are affected by missing "no cache" headers | HCL Domino Leap | CWE-524 | 3.2 | Low | 2025-04-30 |
| CVE-2022-42450 | HCL Domino Volt is affected by Cross-site scripting (XSS) | HCL Domino Volt | CWE-79 | 4.6 | Medium | 2025-04-30 |
| CVE-2022-42449 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type | HCL Domino Volt | CWE-434 | 4.6 | Medium | 2025-04-30 |
| CVE-2022-27562 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type | HCL Domino Volt | CWE-434 | 4.6 | Medium | 2025-04-30 |
| CVE-2024-30152 | HCL SX is affected by usage of a weak cryptographic algorithm | HCL SX | CWE-327 | 6.5 | Medium | 2025-04-25 |
| CVE-2022-44759 | HCL Leap is affected by Cross-site scripting (XSS) | HCL Leap | CWE-79 | 4.6 | Medium | 2025-04-24 |
| CVE-2022-44760 | HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability | HCL Leap | CWE-434 | 4.6 | Medium | 2025-04-24 |
| CVE-2023-37516 | HCL Leap is affected by missing "no cache" headers | HCL Leap | CWE-524 | 3.2 | Low | 2025-04-24 |
| CVE-2024-30127 | HCL Leap is affected by missing "no cache" headers | HCL Leap | CWE-524 | 3.2 | Low | 2025-04-24 |
| CVE-2023-37534 | HCL Leap is affected by a Cross-site scripting (XSS) vulnerability | HCL Leap | CWE-79 | 7.1 | High | 2025-04-24 |
| CVE-2023-45720 | HCL Leap is affected by a disclosure of private personal information vulnerability | HCL Leap | CWE-359 | 5.3 | Medium | 2025-04-24 |
| CVE-2024-30113 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability | HCL Leap | CWE-79 | 6.3 | Medium | 2025-04-24 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.