HCL — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting HCL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Technologies operates as a global information technology services provider, primarily focusing on software engineering, business process services, and infrastructure management. With fifty-seven recorded Common Vulnerabilities and Exposures (CVEs), the organization’s security posture reflects risks inherent in its extensive software portfolio and enterprise solutions. Historically, identified flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from third-party dependencies or configuration errors within its Domino and Notes platforms. These issues highlight challenges in maintaining secure codebases across complex, legacy-integrated systems. While no catastrophic public breaches have been widely attributed directly to these specific CVEs, the volume of disclosures underscores the necessity for rigorous patch management and continuous vulnerability assessment. The company continues to address these technical debt issues through regular security updates and enhanced development lifecycle protocols to mitigate exposure in its diverse client environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-30151 | HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability | BigFix Service Management (SM) | CWE-532 | 8.3 | High | 2026-05-06 |
| CVE-2025-31960 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module | BigFix Service Management (SM) | CWE-209 | 5.3 | Medium | 2026-05-06 |
| CVE-2025-31975 | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. | BigFix Service Management (SM) | CWE-200 | 2.6 | Low | 2026-05-06 |
| CVE-2025-52613 | HCL BigFix Service Management (SM) is affected by use of a vulnerable component | BigFix Service Management (SM) | CWE-200 | 4.6 | Medium | 2026-05-06 |
| CVE-2025-31984 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header | BigFix Service Management (SM) | CWE-200 | 3.7 | Low | 2026-05-06 |
| CVE-2025-31983 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header | BigFix Service Management (SM) | CWE-358 | 3.7 | Low | 2026-05-06 |
| CVE-2025-62345 | HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability | BigFix RunBookAI | CWE-522 | 2.7 | Low | 2026-05-06 |
| CVE-2025-31951 | HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability | BigFix RunBookAI | CWE-77 | 8.8 | High | 2026-05-06 |
| CVE-2025-59854 | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability | DFXAnalytics | CWE-80 | 3.1 | Low | 2026-05-06 |
| CVE-2025-59853 | HCL DFXAnalytics is affected by an Improper Error Handling vulnerability | DFXAnalytics | CWE-209 | 3.1 | Low | 2026-05-06 |
| CVE-2025-59852 | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability | DFXAnalytics | CWE-319 | 3.7 | Low | 2026-05-06 |
| CVE-2025-59851 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability | DFXAnalytics | CWE-1395 | 3.7 | Low | 2026-05-06 |
| CVE-2025-31970 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability | DFXAnalytics | CWE-358 | 5.3 | Medium | 2026-05-06 |
| CVE-2025-52641 | Internal Filesystem Exploration vulnerability | AION | | 2.9 | Low | 2026-04-15 |
| CVE-2025-55261 | HCL Aftermarket DPC is affected by Missing Functional Level Access Control | Aftermarket DPC | CWE-284 | 8.1 | High | 2026-03-26 |
| CVE-2025-55262 | HCL Aftermarket DPC is affected by SQL Injection | Aftermarket DPC | CWE-798 | 8.3 | High | 2026-03-26 |
| CVE-2025-55263 | HCL Aftermarket DPC is affected by Hardcoded Sensitive Data | Aftermarket DPC | CWE-798 | 7.3 | High | 2026-03-26 |
| CVE-2025-55264 | HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change | Aftermarket DPC | CWE-613 | 5.5 | Medium | 2026-03-26 |
| CVE-2025-55265 | HCL Aftermarket DPC is affected by File Discovery | Aftermarket DPC | CWE-200 | 6.5 | Medium | 2026-03-26 |
| CVE-2025-55266 | HCL Aftermarket DPC is affected by Session Fixation | Aftermarket DPC | CWE-384 | 5.9 | Medium | 2026-03-26 |
| CVE-2025-55267 | HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability | Aftermarket DPC | CWE-434 | 5.7 | Medium | 2026-03-26 |
| CVE-2025-55268 | HCL Aftermarket DPC is affected by Spamming Vulnerability | Aftermarket DPC | CWE-799 | 4.3 | Medium | 2026-03-26 |
| CVE-2025-55269 | HCL Aftermarket DPC is affected by Weak Password Policy vulnerability | Aftermarket DPC | CWE-521 | 4.2 | Medium | 2026-03-26 |
| CVE-2025-55270 | HCL Aftermarket DPC is affected by Improper Input Validation | Aftermarket DPC | CWE-20 | 3.5 | Low | 2026-03-26 |
| CVE-2025-55271 | HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability | Aftermarket DPC | CWE-113 | 3.1 | Low | 2026-03-26 |
| CVE-2025-55272 | HCL Aftermarket DPC is affected by Banner Disclosure vulnerability | Aftermarket DPC | CWE-200 | 3.1 | Low | 2026-03-26 |
| CVE-2025-55273 | HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability | Aftermarket DPC | CWE-829 | 4.3 | Medium | 2026-03-26 |
| CVE-2025-55274 | HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability | Aftermarket DPC | CWE-942 | 2.6 | Low | 2026-03-26 |
| CVE-2025-55275 | HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability | Aftermarket DPC | CWE-557 | 3.7 | Low | 2026-03-26 |
| CVE-2025-55276 | HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability | Aftermarket DPC | CWE-200 | 3.1 | Low | 2026-03-26 |

This page lists every published CVE security advisory associated with HCL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.