HCL Software — Vulnerabilities & Security Advisories (330)

Browse all 330 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Software specializes in enterprise application development and management tools, primarily serving large organizations with legacy and modernization needs. Its portfolio includes Domino, OpenPages, and various integration platforms, which historically present a diverse attack surface. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configurations or outdated underlying frameworks. The company has addressed numerous security flaws, with records indicating hundreds of disclosed CVEs over the years. Notable incidents have involved authentication bypasses and injection flaws in older versions of its collaboration suites. HCL Software generally responds to these issues through regular patch cycles and security advisories, though the sheer volume of legacy code contributes to the high number of recorded vulnerabilities. Users are advised to maintain strict update protocols to mitigate risks associated with these known security gaps.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-37511 | HCL Traveler To Do is affected by App Transport Security (ATS) settings allowing insecure loads in web content — HCL Traveler To Do | 3.5 | Low | 2023-08-11 |
| CVE-2023-23342 | HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented — HCL Nomad for web | 6.6 | Medium | 2023-08-10 |
| CVE-2023-23347 | Use of a broken cryptographic algorithm affects HCL DRYiCE iAutomate — HCL DRYiCE iAutomate | 6.4 | Medium | 2023-08-09 |
| CVE-2023-23346 | Use of a broken cryptographic algorithm affects HCL DRYiCE MyCloud — HCL DRYiCE MyCloud | 6.4 | Medium | 2023-08-09 |
| CVE-2023-37501 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign — HCL Unica Campaign | 8.1 | High | 2023-08-03 |
| CVE-2023-37500 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform — HCL Unica Platform | 8.1 | High | 2023-08-03 |
| CVE-2023-37499 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform — HCL Unica Platform | 8.1 | High | 2023-08-03 |
| CVE-2023-37498 | HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation — HCL Unica Platform | 8.1 | High | 2023-08-03 |
| CVE-2023-37497 | An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform — HCL Unica Platform | 8.1 | High | 2023-08-03 |
| CVE-2023-37496 | HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability — HCL Verse | 8.3 | High | 2023-08-01 |
| CVE-2023-28013 | HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability — HCL Verse | 6.5 | Medium | 2023-07-26 |
| CVE-2023-28023 | HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability — HCL BigFix WebUI Software Distribution | 4.9 | Medium | 2023-07-18 |
| CVE-2023-28021 | BigFix WebUI is vulnerable to use of a risky cryptographic algorithm — HCL BigFix WebUI | 5.9 | Medium | 2023-07-18 |
| CVE-2023-28020 | URL redirection affects BigFix WebUI — HCL BigFix WebUI | 4.7 | Medium | 2023-07-18 |
| CVE-2023-28019 | An SQL injection affects BigFix WebUI API — HCL BigFix WebUI API | 5.5 | Medium | 2023-07-18 |
| CVE-2023-23348 | HCL Launch is vulnerable to sensitive information disclosure — HCL Launch | 5.1 | Medium | 2023-07-10 |
| CVE-2023-23344 | HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization — HCL BigFix WebUI Insights | 3.0 | Low | 2023-06-23 |
| CVE-2023-28016 | HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability — HCL BigFix OSD Bare Metal Server | 3.1 | Low | 2023-06-22 |
| CVE-2023-28006 | HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm. — HCL BigFix OSD Bare Metal Server | 7.0 | High | 2023-06-22 |
| CVE-2023-23343 | HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability. — HCL BigFix OSD Bare Metal Server | 2.4 | Low | 2023-06-22 |
| CVE-2023-28015 | HCL Domino AppDev Pack is susceptible to a User Account Enumeration vulnerability — Domino AppDev Pack | 5.3 | Medium | 2023-05-23 |
| CVE-2023-28009 | HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection — Workload Automation | 6.5 | Medium | 2023-04-26 |
| CVE-2023-28008 | HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection — Workload Automation | 7.1 | High | 2023-04-26 |
| CVE-2022-42452 | HCL Technologies HCL Launch cross-site scripting vulnerability — HCL Launch | 4.6 | Medium | 2023-03-30 |
| CVE-2022-42447 | Cross-origin resource sharing vulnerability affects HCL Compass — HCL Compass2.0 | 9.6 | Critical | 2023-03-27 |
| CVE-2021-27788 | HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability — Verse | 8.3 | High | 2023-03-10 |
| CVE-2022-38657 | An open redirect to malicious sites affects HCL Leap — Leap | 8.2 | High | 2023-02-02 |
| CVE-2021-27782 | HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack — BigFix Mobile | 5.4 | Medium | 2023-01-19 |
| CVE-2022-38658 | HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service — BigFix Server Automation | 7.7 | High | 2022-12-22 |
| CVE-2022-38655 | HCL BigFix WebUI is affected by a missing-permission-check vulnerability — BigFix WebUI | 6.4 | Medium | 2022-12-20 |

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.