HCL — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting HCL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCL Technologies operates as a global information technology services provider, primarily focusing on software engineering, business process services, and infrastructure management. With fifty-seven recorded Common Vulnerabilities and Exposures (CVEs), the organization’s security posture reflects risks inherent in its extensive software portfolio and enterprise solutions. Historically, identified flaws frequently involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from third-party dependencies or configuration errors within its Domino and Notes platforms. These issues highlight challenges in maintaining secure codebases across complex, legacy-integrated systems. While no catastrophic public breaches have been widely attributed directly to these specific CVEs, the volume of disclosures underscores the necessity for rigorous patch management and continuous vulnerability assessment. The company continues to address these technical debt issues through regular security updates and enhanced development lifecycle protocols to mitigate exposure in its diverse client environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-55277 | HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability | Aftermarket DPC | CWE-1104 | 2.6 | Low | 2026-03-26 |
| CVE-2025-62320 | HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform | Sametime | CWE-79 | 4.7 | Medium | 2026-03-17 |
| CVE-2025-31966 | Boolean-Based SQL Injection in Multiple Unica Components | Sametime | CWE-20 | 2.7 | Low | 2026-03-17 |
| CVE-2025-62319 | Boolean-Based SQL Injection in Multiple Unica Components | Unica | CWE-89 | 9.8 | Critical | 2026-03-16 |
| CVE-2025-52642 | HCL AION is affected by an internal filesystem paths disclosure vulnerability | AION | | 3.3 | Low | 2026-03-16 |
| CVE-2025-52646 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. | AION | | 2.2 | Low | 2026-03-16 |
| CVE-2025-52645 | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. | AION | | 1.9 | Low | 2026-03-16 |
| CVE-2025-52649 | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature | AION | | 1.8 | Low | 2026-03-16 |
| CVE-2025-52644 | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. | AION | | 5.8 | Medium | 2026-03-16 |
| CVE-2025-52643 | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment | AION | | 4.7 | Medium | 2026-03-16 |
| CVE-2025-52636 | HCL AION is affected by an improper handling of upload file size | AION | | 1.8 | Low | 2026-03-16 |
| CVE-2025-52648 | HCL AION security vulnerability | AION | | 4.8 | Medium | 2026-03-16 |
| CVE-2025-52638 | Multiple security vulnerabilities affect HCL AION | AION | | 5.6 | Medium | 2026-03-16 |
| CVE-2025-52637 | Multiple security vulnerabilities affect HCL AION | AION | | 4.5 | Medium | 2026-03-16 |
| CVE-2026-21791 | HCL Sametime for Android is affected by sensitive information disclosure | Sametime | CWE-532 | 3.3 | Low | 2026-03-10 |
| CVE-2025-52631 | HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. | AION | CWE-200 | 3.7 | Low | 2026-02-03 |
| CVE-2025-52623 | HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability | AION | CWE-522 | 3.7 | Low | 2026-02-03 |
| CVE-2025-52628 | HCL AION is susceptible to Missing SameSite vulnerability | AION | CWE-1275 | 4.6 | Medium | 2026-02-03 |
| CVE-2025-52633 | HCL AION is susceptible to Missing Content-Security-Policy | AION | CWE-539 | 3.1 | Low | 2026-02-03 |
| CVE-2025-52629 | HCL AION is susceptible to Missing Content-Security-Policy | AION | CWE-1032 | 3.7 | Low | 2026-02-03 |
| CVE-2025-52626 | HCL AION is susceptible to Potential Command Injection vulnerability | AION | CWE-78 | 4.5 | Medium | 2026-02-03 |
| CVE-2025-52627 | HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource | AION | CWE-732 | 5.5 | Medium | 2026-02-03 |
| CVE-2025-52625 | HCL AION is susceptible to Cacheable SSL Page Found vulnerability | AION | CWE-525 | 3.7 | Low | 2025-10-10 |
| CVE-2025-52624 | HCL AION is susceptible to Bypass of the script allow list configuration vulnerability | AION | CWE-1032 | 5.4 | Medium | 2025-10-10 |
| CVE-2025-52635 | HCL AION is susceptible to Trusted types in scripts not enforced in CSP | AION | CWE-1032 | 3.7 | Low | 2025-10-10 |
| CVE-2025-52632 | HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability | AION | CWE-614 | 6.5 | Medium | 2025-10-10 |
| CVE-2025-52630 | HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability | AION | CWE-200 | 3.7 | Low | 2025-10-10 |
| CVE-2025-52634 | HCL AION is susceptible to Spring Boot Actuator Endpoints Exposed | HCL AION | CWE-200 | 3.7 | Low | 2025-10-10 |
| CVE-2025-52650 | HCL AION is susceptible to Inline script execution allowed in CSP vulnerability | HCL AION | CWE-1032 | 8.2 | High | 2025-10-10 |
| CVE-2025-52655 | HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability. | HCL MyXalytics | CWE-829 | 3.1 | Low | 2025-10-10 |

This page lists every published CVE security advisory associated with HCL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.