HCLSoftware — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting HCLSoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HCLSoftware develops enterprise software solutions including application development, integration, and digital experience platforms. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. With 19 CVEs currently on record, security researchers have identified consistent patterns in their codebase. While no major public security incidents have been widely documented, the volume of disclosed vulnerabilities suggests ongoing challenges in secure coding practices. Organizations implementing HCLSoftware solutions should prioritize regular patching and hardening of these environments to mitigate potential exploitation risks.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-21768 | HCL Verse for Android is susceptible to an injection vulnerability — Verse for Android (CWE-20) | 6.3 | Medium | 2026-06-19 |
| CVE-2026-21825 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center — DX Compose (CWE-79) | 6.1 | Medium | 2026-06-05 |
| CVE-2026-21826 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection — Digital Experience & DX Compose (CWE-601) | 6.1 | Medium | 2026-06-05 |
| CVE-2026-21837 | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API — Digital Experience (CWE-78) | - | - | 2026-06-05 |
| CVE-2025-62338 | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation — BigFix Cloud Lifecycle Management | 3.3 | Low | 2026-06-04 |
| CVE-2026-21785 | HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy — BigFix Remote Control Server (CWE-1021) | 4.0 | Medium | 2026-05-27 |
| CVE-2026-21836 | HCL DominoIQ is affected by broken access control — DominoIQ (CWE-862) | 6.5 | Medium | 2026-05-20 |
| CVE-2026-21789 | HCL Connections is vulnerable to broken access control — Connections (CWE-863) | 4.6 | Medium | 2026-05-18 |
| CVE-2026-21821 | HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery — BigFix SCM Reporting (CWE-1104) | 8.3 | High | 2026-05-13 |
| CVE-2025-15634 | HCL BigFix WebUI is affected by a missing authorization vulnerability — BigFix WebUI (CWE-862) | 4.3 | - | 2026-05-09 |
| CVE-2025-15633 | HCL BigFix WebUI is affected by an improper authorization vulnerability — BigFix WebUI (CWE-863) | 4.3 | - | 2026-05-09 |
| CVE-2025-31981 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption — BigFix Service Management (SM) (CWE-319) | 5.3 | Medium | 2026-04-21 |
| CVE-2025-31958 | HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling — BigFix Service Management (SM) (CWE-444) | 3.7 | Low | 2026-04-21 |
| CVE-2025-31991 | HCL DevOps Velocity is susceptible to brute-force attacks — Velocity (CWE-307) | 6.8 | Medium | 2026-04-13 |
| CVE-2026-21767 | HCL BigFix Platform is affected by insufficient authentication — BigFix Platform (CWE-306) | 4.0 | Medium | 2026-04-01 |
| CVE-2026-21765 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys — BigFix Platform (CWE-732) | 8.8 | High | 2026-04-01 |
| CVE-2026-21790 | HCL Traveler is susceptible to a weak default HTTP header validation vulnerability — Traveler (CWE-346) | 6.3 | Medium | 2026-03-24 |
| CVE-2026-21783 | HCL Traveler is affected by sensitive information disclosure — Traveler (CWE-209) | 4.3 | Medium | 2026-03-24 |
| CVE-2026-21788 | HCL Connections is vulnerable to cross-site scripting (XSS) — Connections (CWE-79) | 5.4 | Medium | 2026-03-19 |
| CVE-2024-42210 | HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability — Unica Marketing Operations (Plan) (CWE-79) | 7.6 | High | 2026-03-19 |
| CVE-2025-62328 | HCL Nomad server on Domino is affected by a missing default frame-ancestors directive — Nomad server on Domino (CWE-1021) | 3.7 | Low | 2026-03-11 |
| CVE-2026-21786 | HCL Sametime for iOS is affected by sensitive information disclosure — Sametime for iOS (CWE-532) | 3.3 | Low | 2026-03-05 |
| CVE-2025-62326 | HCL Digital Experience is susceptible to stored cross-site scripting (XSS) — Digital Experience (CWE-79) | 6.1 | Medium | 2026-02-20 |
| CVE-2025-52603 | HCL Connections is vulnerable to information disclosure — Connections (CWE-213) | 3.5 | Low | 2026-02-20 |
| CVE-2025-31990 | HCL DevOps Velocity is susceptible to a Denial of Service vulnerability — HCL DevOps Velocity (CWE-770) | 6.8 | Medium | 2026-02-07 |
| CVE-2023-37525 | HCL BigFix Compliance is vulnerable to a sensitive information disclosure — BigFix Compliance (CWE-497) | 5.3 | Medium | 2026-01-28 |
| CVE-2025-62327 | HCL DevOps Deploy is susceptible to insufficiently protected credentials — DevOps Deploy (CWE-522) | 4.9 | Medium | 2026-01-07 |
| CVE-2025-31964 | HCL BigFix IVR is impacted by an improper service binding configuration — BigFix IVR (CWE-200) | 2.2 | Low | 2026-01-07 |
| CVE-2025-31963 | HCL BigFix IVR is impacted by improper authentication and missing CSRF protection — BigFix IVR (CWE-306) | 2.9 | Low | 2026-01-07 |
| CVE-2025-31962 | HCL BigFix IVR is impacted by an insufficient session expiration vulnerability — BigFix IVR (CWE-613) | 2.0 | Low | 2026-01-07 |

This page lists every published CVE security advisory associated with HCLSoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.