
HCLSoftware — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting HCLSoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCLSoftware develops enterprise software solutions including application development, integration, and digital experience platforms. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. With 19 CVEs currently on record, security researchers have identified consistent patterns in their codebase. While no major public security incidents have been widely documented, the volume of disclosed vulnerabilities suggests ongoing challenges in secure coding practices. Organizations implementing HCLSoftware solutions should prioritize regular patching and hardening of these environments to mitigate potential exploitation risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-15634 | HCL BigFix WebUI is affected by a missing authorization vulnerability | BigFix WebUI | CWE-862 | - | - | 2026-05-09 |
| CVE-2025-15633 | HCL BigFix WebUI is affected by an improper authorization vulnerability | BigFix WebUI | CWE-863 | - | - | 2026-05-09 |
| CVE-2025-31981 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption | BigFix Service Management (SM) | CWE-319 | 5.3 | Medium | 2026-04-21 |
| CVE-2025-31958 | HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling | BigFix Service Management (SM) | CWE-444 | 3.7 | Low | 2026-04-21 |
| CVE-2025-31991 | HCL DevOps Velocity is susceptible to brute-force attacks | Velocity | CWE-307 | 6.8 | Medium | 2026-04-13 |
| CVE-2026-21767 | HCL BigFix Platform is affected by insufficient authentication | BigFix Platform | CWE-306 | 4.0 | Medium | 2026-04-01 |
| CVE-2026-21765 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys | BigFix Platform | CWE-732 | 8.8 | High | 2026-04-01 |
| CVE-2026-21790 | HCL Traveler is susceptible to a weak default HTTP header validation vulnerability | Traveler | CWE-346 | 6.3 | Medium | 2026-03-24 |
| CVE-2026-21783 | HCL Traveler is affected by sensitive information disclosure | Traveler | CWE-209 | 4.3 | Medium | 2026-03-24 |
| CVE-2026-21788 | HCL Connections is vulnerable to cross-site scripting (XSS) | Connections | CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2024-42210 | HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability | Unica Marketing Operations (Plan) | CWE-79 | 7.6 | High | 2026-03-19 |
| CVE-2025-62328 | HCL Nomad server on Domino is affected by a missing default frame-ancestors directive | Nomad server on Domino | CWE-1021 | 3.7 | Low | 2026-03-11 |
| CVE-2026-21786 | HCL Sametime for iOS is affected by sensitive information disclosure | Sametime for iOS | CWE-532 | 3.3 | Low | 2026-03-05 |
| CVE-2025-62326 | HCL Digital Experience is susceptible to stored cross-site scripting (XSS) | Digital Experience | CWE-79 | 6.1 | Medium | 2026-02-20 |
| CVE-2025-52603 | HCL Connections is vulnerable to information disclosure | Connections | CWE-213 | 3.5 | Low | 2026-02-20 |
| CVE-2025-31990 | HCL DevOps Velocity is susceptible to a Denial of Service vulnerability | HCL DevOps Velocity | CWE-770 | 6.8 | Medium | 2026-02-07 |
| CVE-2023-37525 | HCL BigFix Compliance is vulnerable to a sensitive information disclosure | BigFix Compliance | CWE-497 | 5.3 | Medium | 2026-01-28 |
| CVE-2025-62327 | HCL DevOps Deploy is susceptible to insufficiently protected credentials | DevOps Deploy | CWE-522 | 4.9 | Medium | 2026-01-07 |
| CVE-2025-31964 | HCL BigFix IVR is impacted by an improper service binding configuration | BigFix IVR | CWE-200 | 2.2 | Low | 2026-01-07 |
| CVE-2025-31963 | HCL BigFix IVR is impacted by improper authentication and missing CSRF protection | BigFix IVR | CWE-306 | 2.9 | Low | 2026-01-07 |
| CVE-2025-31962 | HCL BigFix IVR is impacted by an insufficient session expiration vulnerability | BigFix IVR | CWE-613 | 2.0 | Low | 2026-01-07 |

This page lists every published CVE security advisory associated with HCLSoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.