HCL Software — Vulnerabilities & Security Advisories (330)

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-27544 | HCL BigFix Web Reports authorized users may see sensitive information in clear text | HCL BigFix | CWE-522 | 5.0 | Medium | 2022-07-19 |
| CVE-2022-27549 | HCL Launch could disclose sensitive database information to a local user in plain text. | HCL Launch | CWE-532 | 4.0 | Medium | 2022-07-06 |
| CVE-2022-27548 | HCL Launch is vulnerable to information disclosure which can be read by a local user. | HCL Launch | CWE-256 | 4.9 | Medium | 2022-07-06 |
| CVE-2021-27786 | HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted | HCL OneTest Server | CWE-942 | 4.6 | Medium | 2022-06-07 |
| CVE-2021-27778 | HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information. | HCL Traveler | CWE-79 | 4.9 | Medium | 2022-05-31 |
| CVE-2021-27781 | HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting | HCL BigFix Mobile / Modern Client Management | CWE-79 | 6.6 | Medium | 2022-05-27 |
| CVE-2021-27780 | HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction | HCL BigFix Mobile / Modern Client Management | CWE-112 | 5.3 | Medium | 2022-05-27 |
| CVE-2021-27783 | HCL BigFix Mobile / Modern Client Management is vulnerable to sensitive information exposure | HCL BigFix Mobile / Modern Client Management | CWE-311 | 6.8 | Medium | 2022-05-25 |
| CVE-2021-27779 | A Security Misconfiguration vulnerability affects HCL VersionVault Express | HCL VersionVault Express | CWE-311 | 9.1 | Critical | 2022-05-25 |
| CVE-2020-4107 | HCL Domino is affected by an Insufficient Access Control vulnerability | HCL Domino | CWE-284 | 8.8 | High | 2022-05-19 |
| CVE-2021-27777 | HCL Unica Platform is vulnerable to XML External Entity (XXE) injection | HCL Unica | CWE-91 | 7.5 | High | 2022-05-12 |
| CVE-2021-27773 | HCL Sametime is vulnerable to clickjacking | Sametime | CWE-451 | 4.2 | Medium | 2022-05-12 |
| CVE-2021-27772 | HCL Sametime is vulnerable to an information disclosure | Sametime | CWE-285 | 7.1 | High | 2022-05-12 |
| CVE-2021-27771 | HCL Sametime is susceptible to a file transfer service vulnerability | Sametime | CWE-434 | 8.2 | High | 2022-05-12 |
| CVE-2021-27770 | HCL Sametime is vulnerable to arbitrary HTTP requests | Sametime | CWE-472 | 6.8 | Medium | 2022-05-12 |
| CVE-2021-27769 | HCL Sametime is vulnerable to an information disclosure | Sametime | CWE-472 | 5.3 | Medium | 2022-05-12 |
| CVE-2021-27768 | An SSL certificate host verification vulnerability affects HCL Verse for Android | Verse for Android | CWE-300 | 6.3 | Medium | 2022-05-12 |
| CVE-2021-27767 | HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability | BigFix Platform | CWE-269 | 6.7 | Medium | 2022-05-06 |
| CVE-2021-27766 | HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability | BigFix Platform | CWE-269 | 6.7 | Medium | 2022-05-06 |
| CVE-2021-27765 | HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability | BigFix Platform | CWE-269 | 6.7 | Medium | 2022-05-06 |
| CVE-2021-27764 | HCL BigFix WebUI Cookie missing attributes | HCL BigFix WebUI | CWE-614 | 7.4 | High | 2022-05-06 |
| CVE-2021-27762 | HCL BigFix Platform is affected by misconfigured security-related HTTP headers | BigFix Platform | | 4.7 | Medium | 2022-05-06 |
| CVE-2021-27761 | HCL BigFix Platform is affected by weak web transport security | BigFix Platform | | 4.8 | Medium | 2022-05-06 |
| CVE-2021-27760 | HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart | HCL Notes | CWE-20 | 4.6 | Medium | 2022-05-06 |
| CVE-2021-27759 | HCL Technologies BigFix Platform data forgery vulnerability | HCL BigFix Inventory | CWE-352 | 2.3 | Low | 2022-05-06 |
| CVE-2021-27758 | HCL BigFix Platform cross-site request forgery vulnerability | HCL BigFix Inventory | CWE-352 | 4.3 | Medium | 2022-05-06 |
| CVE-2021-27751 | HCL Commerce is affected by an Insufficient Session Expiration vulnerability. | HCL Commerce | CWE-613 | 4.4 | Medium | 2022-05-06 |
| CVE-2020-4084 | HCL Technologies Connections cross-site scripting vulnerability | HCL Connections | | 5.4 | - | 2020-03-09 |
| CVE-2020-4082 | HCL Technologies Connections cross-site scripting vulnerability | HCL Connections | | 5.4 | - | 2020-03-05 |
| CVE-2020-4083 | HCL Technologies Connections log information disclosure vulnerability | HCL Connections | | 5.5 | - | 2020-03-05 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.