HCL Software — Vulnerabilities & Security Advisories 330

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-0275 | HCL BigFix Mobile 3.3 and earlier is affected by improper access control | BigFix Mobile | CWE-306 | 5.3 | Medium | 2025-10-16 |
| CVE-2025-0274 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control | BigFix Modern Client Management | CWE-306 | 5.3 | Medium | 2025-10-16 |
| CVE-2025-31995 | HCL Unica MaxAI Workbench is vulnerable to improper input validation | MaxAI Workbench | CWE-20 | 3.5 | Low | 2025-10-13 |
| CVE-2025-31994 | HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS) | Unica Campaign | CWE-79 | 4.3 | Medium | 2025-10-13 |
| CVE-2025-31996 | Unprotected files are impacting HCL Unica Platform | Unica Platform | CWE-552 | 5.3 | Medium | 2025-10-13 |
| CVE-2025-52615 | HCL Unica Platform is impacted by misconfigured security related HTTP headers | Unica Platform | CWE-693 | 3.5 | Low | 2025-10-12 |
| CVE-2025-52614 | HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability | Unica Platform | CWE-614 | 3.5 | Low | 2025-10-12 |
| CVE-2025-31969 | HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP) | Unica Platform | CWE-358 | 4.0 | Medium | 2025-10-12 |
| CVE-2025-31992 | HCL MaxAI Assistant is susceptible to a HTML injection vulnerability | MaxAI Assistant | CWE-80 | 4.6 | Medium | 2025-10-12 |
| CVE-2025-52616 | HCL Unica 12.1.10 is affected by an exposure of sensitive information | Unica | CWE-497 | 5.3 | Medium | 2025-10-12 |
| CVE-2025-31998 | HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information | Unica Centralized Offer Management | CWE-703 | 3.5 | Low | 2025-10-12 |
| CVE-2025-31997 | HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR) | Unica Centralized Offer Management | CWE-639 | 4.2 | Medium | 2025-10-12 |
| CVE-2025-31993 | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF) | Unica Centralized Offer Management | CWE-918 | 3.5 | Low | 2025-10-12 |
| CVE-2025-52647 | HCL BigFix WebUI is affected by a host header poisoning vulnerability | BigFix WebUI | CWE-644 | 6.1 | Medium | 2025-10-10 |
| CVE-2025-52658 | HCL MyXalytics is affected by the use of vulnerable/outdated versions | MyXalytics | CWE-1104 | 3.5 | Low | 2025-10-03 |
| CVE-2025-52654 | HCL MyXalytics is affected by an HTML Injection | HCL MyXalytics | CWE-80 | 4.6 | Medium | 2025-10-03 |
| CVE-2025-0280 | HCL Compass is affected by a security vulnerability | Compass | CWE-257 | 7.5 | High | 2025-09-03 |
| CVE-2025-31971 | AIML Solutions for HCL SX is susceptible to a URL validation vulnerability | AIML Solutions for SX | CWE-425 | 5.1 | Medium | 2025-08-28 |
| CVE-2025-31979 | A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM) | BigFix Service Management (SM) | CWE-434 | 5.4 | Medium | 2025-08-28 |
| CVE-2025-31977 | A cryptographic weakness has been identified in the HCL BigFix Service Management (SM) | BigFix Service Management (SM) | CWE-311 | 5.3 | Medium | 2025-08-28 |
| CVE-2025-31972 | HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability | BigFix Service Management (SM) | CWE-319 | 6.5 | Medium | 2025-08-28 |
| CVE-2025-31988 | HCL Digital Experience is susceptible to cross site scripting (XSS) | Digital Experience | CWE-79 | 4.9 | Medium | 2025-08-19 |
| CVE-2025-52618 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability | BigFix SaaS Remediate | CWE-89 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-52619 | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure | BigFix SaaS Remediate | CWE-209 | 5.3 | Medium | 2025-08-15 |
| CVE-2025-52620 | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability | BigFix SaaS Remediate | CWE-20 | 4.3 | Medium | 2025-08-15 |
| CVE-2025-52621 | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning | BigFix SaaS Remediate | CWE-346 | 5.3 | Medium | 2025-08-15 |
| CVE-2025-31961 | HCL Connections is vulnerable to broken access control | Connections | CWE-1220 | 3.7 | Low | 2025-08-15 |
| CVE-2025-31987 | HCL Connections Docs is vulnerable to a Denial of Service (DoS) attack | Connections Docs | CWE-405 | 4.8 | Medium | 2025-08-14 |
| CVE-2025-31965 | HCL BigFix Remote Control is affected by an authorization bypass vulnerability | BigFix Remote Control | CWE-305 | 8.2 | High | 2025-07-29 |
| CVE-2025-0253 | HCL IEM is affected by a cookie attribute not set vulnerability | IEM | CWE-384 | 2.0 | Low | 2025-07-25 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.