Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HCL — Vulnerabilities & Security Advisories 79

Browse all 79 CVE security advisories affecting HCL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Technologies operates as a global information technology services provider, primarily focusing on software engineering, business process services, and infrastructure management. With fifty-seven recorded Common Vulnerabilities and Exposures (CVEs), the organization’s security posture reflects risks inherent in its extensive software portfolio and enterprise solutions. Historically, identified flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from third-party dependencies or configuration errors within its Domino and Notes platforms. These issues highlight challenges in maintaining secure codebases across complex, legacy-integrated systems. While no catastrophic public breaches have been widely attributed directly to these specific CVEs, the volume of disclosures underscores the necessity for rigorous patch management and continuous vulnerability assessment. The company continues to address these technical debt issues through regular security updates and enhanced development lifecycle protocols to mitigate exposure in its diverse client environments.

Found 32 results / 79Clear Filters
Top products by HCL: AION Aftermarket DPC BigFix Service Management (SM) DFXAnalytics HCL MyXalytics Sametime HCL Domino HCL Notes HCL AION BigFix RunBookAI HCL Connections AppScan Source HCL Traveler HCL BigFix WebUI Unica
CVE IDTitleCVSSSeverityPublished
CVE-2025-62305 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions — AIONCWE-201 5.1 Medium2026-05-14
CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. — AIONCWE-598 2.6 Low2026-05-14
CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed — AIONCWE-201 5.1 Medium2026-05-14
CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. — AIONCWE-201 2.6 Low2026-05-14
CVE-2025-62312 HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication — AIONCWE-522 3.0 Low2026-05-14
CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured — AIONCWE-1021 2.3 Low2026-05-14
CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. — AIONCWE-307 5.4 Medium2026-05-14
CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. — AIONCWE-319 4.3 Medium2026-05-14
CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations — AIONCWE-319 5.4 Medium2026-05-14
CVE-2025-52641 Internal Filesystem Exploration vulnerability — AION 2.9 Low2026-04-15
CVE-2025-52642 HCL AION is affected by an internal filesystem paths disloser vulnerability — AION 3.3 Low2026-03-16
CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. — AION 2.2 Low2026-03-16
CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. — AION 1.9 Low2026-03-16
CVE-2025-52649 HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature — AION 1.8 Low2026-03-16
CVE-2025-52644 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. — AION 5.8 Medium2026-03-16
CVE-2025-52643 HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment — AION 4.7 Medium2026-03-16
CVE-2025-52636 HCL AION is affected by a improper handling of uploads files Size — AION 1.8 Low2026-03-16
CVE-2025-52648 HCL AION 安全漏洞 — AION 4.8 Medium2026-03-16
CVE-2025-52638 Multiple security vulnerabilities affect HCL AION — AION 5.6 Medium2026-03-16
CVE-2025-52637 Multiple security vulnerabilities affect HCL AION — AION 4.5 Medium2026-03-16
CVE-2025-52631 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. — AIONCWE-200 3.7 Low2026-02-03
CVE-2025-52623 HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability — AIONCWE-522 3.7 Low2026-02-03
CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability — AIONCWE-1275 4.6 Medium2026-02-03
CVE-2025-52633 HCL AION is susceptible to Missing Content-Security-Policy — AIONCWE-539 3.1 Low2026-02-03
CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy — AIONCWE-1032 3.7 Low2026-02-03
CVE-2025-52626 HCL AION is susceptible to Potential Command Injection vulnerability — AIONCWE-78 4.5 Medium2026-02-03
CVE-2025-52627 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource — AIONCWE-732 5.5 Medium2026-02-03
CVE-2025-52625 HCL AION is susceptible to Cacheable SSL Page Found vulnerability — AIONCWE-525 3.7 Low2025-10-10
CVE-2025-52624 HCL AION is susceptible to Bypass of the script allow list configuration vulnerability — AIONCWE-1032 5.4 Medium2025-10-10
CVE-2025-52635 HCL AION is susceptible to Trusted types in scripts not enforced in CSP — AIONCWE-1032 3.7 Low2025-10-10

This page lists every published CVE security advisory associated with HCL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.