HCL Software — Vulnerabilities & Security Advisories 330

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-42181 | HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability — DRYiCE MyXalytics (CWE-319) | 1.6 | Low | 2025-01-12 |
| CVE-2024-42180 | HCL MyXalytics is affected by a malicious file upload vulnerability — DRYiCE MyXalytics (CWE-434) | 1.6 | Low | 2025-01-12 |
| CVE-2024-42179 | HCL MyXalytics is affected by sensitive information disclosure vulnerability — DRYiCE MyXalytics (CWE-200) | 2.0 | Low | 2025-01-12 |
| CVE-2024-42175 | HCL MyXalytics is affected by a weak input validation vulnerability — DRYiCE MyXalytics (CWE-20) | 2.6 | Low | 2025-01-11 |
| CVE-2024-42174 | HCL MyXalytics is affected by username enumeration vulnerability — DRYiCE MyXalytics (CWE-204) | 3.7 | Low | 2025-01-11 |
| CVE-2024-42173 | HCL MyXalytics is affected by an improper password policy implementation vulnerability — DRYiCE MyXalytics (CWE-521) | 4.8 | Medium | 2025-01-11 |
| CVE-2024-42172 | HCL MyXalytics is affected by broken authentication — DRYiCE MyXalytics (CWE-287) | 5.3 | Medium | 2025-01-11 |
| CVE-2024-42171 | HCL MyXalytics is affected by insufficient session expiration — DRYiCE MyXalytics (CWE-384) | 6.4 | Medium | 2025-01-11 |
| CVE-2024-42170 | HCL MyXalytics is affected by a session fixation vulnerability — DRYiCE MyXalytics (CWE-384) | 6.8 | Medium | 2025-01-11 |
| CVE-2024-42169 | HCL MyXalytics is affected by insecure direct object references — DRYiCE MyXalytics (CWE-639) | 7.1 | High | 2025-01-11 |
| CVE-2024-42168 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability — DRYiCE MyXalytics (CWE-610) | 8.9 | High | 2025-01-11 |
| CVE-2024-42194 | HCL BigFix Inventory is affected by an access control vulnerability — BigFix Inventory (CWE-280) | 3.1 | Low | 2024-12-17 |
| CVE-2024-30129 | HCL Nomad server on Domino is affected by a host header injection vulnerability — Nomad server on Domino (CWE-644) | 5.3 | Medium | 2024-12-06 |
| CVE-2024-42196 | HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability — Launch (CWE-532) | 6.2 | Medium | 2024-12-06 |
| CVE-2024-42195 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection — DevOps Deploy / Launch (CWE-80) | 3.1 | Low | 2024-12-05 |
| CVE-2024-42188 | HCL Connections is vulnerable to a broken access control vulnerability — Connections | 3.7 | Low | 2024-11-14 |
| CVE-2024-30133 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability — HCL Traveler for Microsoft Outlook (HTMO) | 5.3 | Medium | 2024-11-12 |
| CVE-2024-30142 | HCL BigFix Compliance is affected by a missing secure flag on a cookie — BigFix Compliance (CWE-614) | 3.8 | Low | 2024-11-07 |
| CVE-2024-30141 | HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information — BigFix Compliance (CWE-209) | 4.7 | Medium | 2024-11-07 |
| CVE-2024-30140 | HCL BigFix Compliance is affected by unvalidated redirects and forwards — BigFix Compliance (CWE-601) | 5.4 | Medium | 2024-11-07 |
| CVE-2024-30149 | HCL AppScan Source is affected by an expired TLS/SSL certificate — AppScan Source (CWE-295) | 4.8 | Medium | 2024-10-31 |
| CVE-2024-30106 | HCL Connections is vulnerable to an information disclosure vulnerability — Connections (CWE-200) | 3.5 | Low | 2024-10-28 |
| CVE-2023-50355 | HCL Sametime is impacted by generation of error messages containing sensitive information — Sametime (CWE-209) | 3.6 | Low | 2024-10-23 |
| CVE-2024-30124 | HCL Sametime is impacted by insecure services — Sametime | 4.0 | Medium | 2024-10-23 |
| CVE-2024-30122 | HCL Sametime is impacted by misconfigured security related HTTP headers — Sametime | 5.8 | Medium | 2024-10-23 |
| CVE-2024-30117 | HCL BigFix Platform is affected by a DLL Hijack vulnerability — BigFix Platform (CWE-427) | 2.5 | Low | 2024-10-14 |
| CVE-2024-30118 | HCL Connections is susceptible to a sensitive information disclosure vulnerability — Connections (CWE-200) | 3.5 | Low | 2024-10-09 |
| CVE-2024-30132 | Missing default HTTP security headers affect HCL Nomad server on Domino — Nomad server on Domino | 3.7 | Low | 2024-10-01 |
| CVE-2024-23586 | An insufficient session timeout vulnerability affects HCL Nomad server on Domino — Nomad server on Domino (CWE-613) | 5.3 | Medium | 2024-09-27 |
| CVE-2024-30134 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability — HCL Traveler for Microsoft Outlook | 6.7 | Medium | 2024-09-26 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.