HCL Software — Vulnerabilities & Security Advisories (330)

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-30128 | An open proxy vulnerability affects HCL Nomad server on Domino | Nomad server on Domino | | 8.6 | High | 2024-09-25 |
| CVE-2024-30130 | HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive information vulnerability | Nomad server on Domino | CWE-525 | 3.7 | Low | 2024-07-19 |
| CVE-2024-30126 | HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability | BigFix Compliance | | 4.7 | Medium | 2024-07-18 |
| CVE-2024-30125 | HCL BigFix Compliance is affected by an internal server error | BigFix Compliance | | 6.2 | Medium | 2024-07-18 |
| CVE-2024-23562 | HCL Domino is susceptible to an information disclosure vulnerability | Domino Server | | 5.3 | Medium | 2024-07-08 |
| CVE-2024-23588 | A denial of service vulnerability affects HCL Nomad server on Domino | Nomad server on Domino | | 5.3 | Medium | 2024-07-05 |
| CVE-2024-30135 | Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10 | DRYiCE AEX | CWE-200 | 3.3 | Low | 2024-06-28 |
| CVE-2024-30111 | Missing Root Detection vulnerability affects DRYiCE AEX v10 | DRYiCE AEX | CWE-1326 | 3.3 | Low | 2024-06-28 |
| CVE-2024-30110 | Lack of input validation vulnerability affects DRYiCE AEX v10 | DRYiCE AEX | CWE-20 | 3.7 | Low | 2024-06-28 |
| CVE-2024-30109 | Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10 | DRYiCE AEX | CWE-1021 | 3.7 | Low | 2024-06-28 |
| CVE-2024-30112 | HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability | Connections | | 5.4 | Medium | 2024-06-25 |
| CVE-2023-37541 | HCL Connections is vulnerable to broken access control | Connections | | 3.5 | Low | 2024-06-25 |
| CVE-2024-30120 | HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application | DRYiCE Optibot Reset Station | CWE-563 | 2.9 | Low | 2024-06-14 |
| CVE-2024-30119 | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header | DRYiCE Optibot Reset Station | CWE-522 | 3.7 | Low | 2024-06-14 |
| CVE-2023-45707 | HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS) | Connections Docs | | 4.4 | Medium | 2024-06-08 |
| CVE-2023-37539 | HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability | Domino Server | | 8.4 | High | 2024-06-06 |
| CVE-2024-23580 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs) | DRYiCE Optibot Reset Station | | 6.5 | Medium | 2024-05-28 |
| CVE-2024-23579 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions | DRYiCE Optibot Reset Station | | 6.5 | Medium | 2024-05-28 |
| CVE-2024-23556 | HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation | BigFix Platform | | 5.9 | Medium | 2024-05-17 |
| CVE-2024-23554 | HCL BigFix Platform is susceptible to Cross-Site Request Forgery | BigFix Platform | CWE-352 | 5.7 | Medium | 2024-05-17 |
| CVE-2024-23583 | HCL BigFix Platform is susceptible to insufficiently protected credentials | BigFix Platform | CWE-522 | 6.7 | Medium | 2024-05-17 |
| CVE-2024-23576 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability | Commerce | | 7.1 | High | 2024-05-13 |
| CVE-2023-37526 | HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability | DRYiCE Lucy | | 6.5 | Medium | 2024-05-10 |
| CVE-2024-23551 | HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint | BigFix Compliance | CWE-522 | 6.5 | Medium | 2024-05-07 |
| CVE-2024-30107 | HCL Connections is vulnerable to broken access control | Connections | | 3.5 | Low | 2024-04-18 |
| CVE-2024-23557 | HCL Connections is vulnerable to a user enumeration vulnerability | Connections | | 3.5 | Low | 2024-04-18 |
| CVE-2024-23558 | HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout | DevOps Deploy / Launch | | 6.3 | Medium | 2024-04-15 |
| CVE-2024-23561 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability | DevOps Deploy / Launch | | 4.3 | Medium | 2024-04-15 |
| CVE-2024-23560 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type | DevOps Deploy / Launch | | 4.4 | Medium | 2024-04-15 |
| CVE-2024-23559 | HCL DevOps Deploy / Launch is generating an obsolete HTTP header | DevOps Deploy / Launch | | 6.1 | Medium | 2024-04-15 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.