HCL Software — Vulnerabilities & Security Advisories 330

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-30114 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability | HCL Leap | CWE-79 | 3.7 | Low | 2025-04-24 |
| CVE-2024-30147 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability | HCL Leap | CWE-79 | 6.5 | Medium | 2025-04-24 |
| CVE-2024-30148 | HCL Leap is affected by improper access control | HCL Leap | CWE-284 | 4.1 | Medium | 2025-04-24 |
| CVE-2024-42178 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability | HCL MyXalytics | CWE-288 | 2.5 | Low | 2025-04-17 |
| CVE-2024-42177 | HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities | HCL MyXalytics | CWE-326 | 2.6 | Low | 2025-04-17 |
| CVE-2024-42193 | HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack | HCL BigFix Platform | CWE-295 | 7.4 (AI) | High (AI) | 2025-04-15 |
| CVE-2024-42189 | HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack | HCL BigFix Platform | CWE-1287 | 7.5 (AI) | High (AI) | 2025-04-15 |
| CVE-2024-42200 | HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack | HCL BigFix Platform | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-15 |
| CVE-2024-42208 | HCL Connections is vulnerable to an information disclosure vulnerability | HCL Connections | CWE-200 | 3.5 | Low | 2025-04-04 |
| CVE-2025-0278 | An internal path disclosure vulnerability affects HCL Traveler | HCL Traveler | CWE-497 | 4.3 | Medium | 2025-04-03 |
| CVE-2025-0279 | HCL Traveler is affected by generation of error messages containing sensitive information | HCL Traveler | CWE-209 | 4.3 | Medium | 2025-04-03 |
| CVE-2025-0272 | HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability | HCL DevOps Deploy / HCL Launch | CWE-80 | 5.4 | Medium | 2025-04-03 |
| CVE-2025-0257 | HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services | HCL DevOps Deploy / HCL Launch | CWE-306 | 6.3 | Medium | 2025-04-02 |
| CVE-2025-0273 | HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability | HCL DevOps Deploy / HCL Launch | CWE-532 | 5.5 | Medium | 2025-03-27 |
| CVE-2024-30155 | HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability | HCL SX | CWE-1275 | 5.5 | Medium | 2025-03-26 |
| CVE-2025-0255 | HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability | HCL DevOps Deploy / HCL Launch | CWE-78 | 7.2 | High | 2025-03-24 |
| CVE-2025-0256 | HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure | HCL DevOps Deploy / HCL Launch | CWE-306 | 4.3 | Medium | 2025-03-24 |
| CVE-2025-0254 | HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. | HCL Digital Experience | CWE-295 | 5.9 | Medium | 2025-03-20 |
| CVE-2024-42176 | HCL MyXalytics is affected by concurrent login vulnerability | HCL MyXalytics | | 2.6 | Low | 2025-03-19 |
| CVE-2024-30143 | A path traversal vulnerability in HCL AppScan Traffic Recorder | HCL AppScan Traffic Recorder | CWE-22 | 4.3 | Medium | 2025-03-13 |
| CVE-2024-30154 | HCL SX is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability | HCL SX | | 5.3 | Medium | 2025-03-03 |
| CVE-2024-30150 | An unauthenticated privilege escalation vulnerability affects HCL MyCloud | MyCloud | CWE-269 | 5.3 | Medium | 2025-02-25 |
| CVE-2024-23563 | HCL Connections Docs is vulnerable to a sensitive information disclosure | Connections Docs | CWE-200 | 3.9 | Low | 2025-02-12 |
| CVE-2024-42207 | HCL iAutomate is affected by a session fixation vulnerability | iAutomate | CWE-384 | 5.5 | Medium | 2025-02-05 |
| CVE-2024-42187 | HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability | BigFix Patch Management Download Plug-ins | CWE-22 | 5.3 | Medium | 2025-01-23 |
| CVE-2024-42186 | HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support | BigFix Patch Management Download Plug-ins | CWE-295 | 2.8 | Low | 2025-01-23 |
| CVE-2024-42185 | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks | BigFix Patch Management Download Plug-ins | CWE-611 | 2.5 | Low | 2025-01-23 |
| CVE-2024-42184 | HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme | BigFix Patch Management Download Plug-ins | CWE-84 | 2.5 | Low | 2025-01-23 |
| CVE-2024-42183 | HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability | BigFix Patch Management Download Plug-ins | CWE-494 | 2.5 | Low | 2025-01-23 |
| CVE-2024-42182 | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability | BigFix Patch Management Download Plug-ins | CWE-918 | 2.5 | Low | 2025-01-23 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.