Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HCL Software — Vulnerabilities & Security Advisories 324

Browse all 324 CVE security advisories affecting HCL Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by HCL Software:DRYiCE MyXalyticsBigFix PlatformHCL LaunchHCL LeapConnectionsSametimeAIONHCL ConnectionsBigFix Patch Management Download Plug-insNomad server on DominoHCL SametimeBigFix ComplianceHCL Domino LeapiAutomateBigFix SaaS RemediateHCL BigFix PlatformHCL DevOps Deploy / HCL LaunchIEMDevOps Deploy / LaunchHCL Unica PlatformUnica PlatformBigFix Insights for Vulnerability RemediationDRYiCE Optibot Reset StationHCL MyXalyticsHCL CommerceHCL Digital ExperienceHCL TravelerHCL BigFix Mobile / Modern Client ManagementDRYiCE AEXUnica Centralized Offer Management
CVE IDTitleCVSSSeverityPublished
CVE-2025-59873 Session Token Exposure via URL Query Parameters — ZIE for Web 5.9 Medium2026-02-23
CVE-2025-55252 HCL AION is affected by a Weak Password Policy vulnerability — AIONCWE-521 3.1 Low2026-01-19
CVE-2025-55250 HCL AION is affected by a Technical Error Disclosure vulnerability — AIONCWE-209 1.8 Low2026-01-19
CVE-2025-52661 HCL AION 安全漏洞 — AIONCWE-613 2.4 Low2026-01-19
CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability. — AIONCWE-693 3.5 Low2026-01-19
CVE-2025-52659 HCL AION is affected by a Cacheable HTTP Response vulnerability — AIONCWE-525 2.8 Low2026-01-19
CVE-2025-52660 HCL AION is affected by an Host Header Injection vulnerability — AIONCWE-644 2.7 Low2026-01-19
CVE-2025-55251 HCL AION is affected by an Unrestricted File Upload vulnerability — AIONCWE-434 3.1 Low2026-01-19
CVE-2025-59870 Improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk — MyXalytics 7.4 High2026-01-16
CVE-2025-55254 HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI) — BigFix Remote ControlCWE-601 3.7 Low2025-12-17
CVE-2025-59849 HCL BigFix Remote Control is vulnerable to an insecure CSP configuration — BigFix Remote ControlCWE-1021 4.7 Medium2025-12-17
CVE-2025-62329 HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability — DevOps Deploy / LaunchCWE-613 5.0 Medium2025-12-16
CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information — DevOps DeployCWE-319 5.9 Medium2025-12-16
CVE-2024-42197 HCL Workload Scheduler is vulnerable to plain text storage of a password — Workload SchedulerCWE-256 5.5 Medium2025-12-11
CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability — BigFix SaaS RemediateCWE-1188 5.4 Medium2025-12-02
CVE-2025-0248 HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability, — iNotesCWE-20 8.1 High2025-11-25
CVE-2025-62346 HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability — Glovius CloudCWE-352 6.8 Medium2025-11-20
CVE-2025-52639 HCL Connections is vulnerable to sensitive information disclosure — ConnectionsCWE-201 3.5 Low2025-11-18
CVE-2025-55278 HCL DevOps Loop is susceptible to an improper authentication vulnerability — DevOps LoopCWE-613 8.1 High2025-11-05
CVE-2025-31954 HCL iAutomate is susceptible to a sensitive information disclosure — iAutomateCWE-598 5.4 Medium2025-11-05
CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application — BigFix QueryCWE-359 4.2 Medium2025-11-05
CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage — Traveler for Microsoft OutlookCWE-522 5.5 Medium2025-10-16
CVE-2025-0277 HCL BigFix Mobile is affected by an insecure Content Security Policy (CSP) — BigFix MobileCWE-693 6.5 Medium2025-10-16
CVE-2025-0276 HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP) — BigFix Modern Client ManagementCWE-693 6.5 Medium2025-10-16
CVE-2025-0275 HCL BigFix Mobile 3.3 and earlier is affected by improper access control — BigFix MobileCWE-306 5.3 Medium2025-10-16
CVE-2025-0274 HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control — BigFix Modern Client ManagementCWE-306 5.3 Medium2025-10-16
CVE-2025-31995 HCL Unica MaxAI Workbench is vulnerable to improper input validation — MaxAI WorkbenchCWE-20 3.5 Low2025-10-13
CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS) — Unica CampaignCWE-79 4.3 Medium2025-10-13
CVE-2025-31996 Unprotected files are impacting HCL Unica Platform — Unica PlatformCWE-552 5.3 Medium2025-10-13
CVE-2025-52615 HCL Unica Platform is impacted by misconfigured security related HTTP headers — Unica PlatformCWE-693 3.5 Low2025-10-12

This page lists every published CVE security advisory associated with HCL Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.