Filtered by vendor Hcltech
Total: 404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21837 | 1 Hcltech | 2 Digital Experience, Digital Experience Compose | 2026-06-10 | N/A | 8.8 HIGH |
| HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise. | |||||
| CVE-2026-21826 | 1 Hcltech | 2 Digital Experience, Digital Experience Compose | 2026-06-10 | N/A | 6.1 MEDIUM |
| HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways. | |||||
| CVE-2026-21825 | 1 Hcltech | 2 Digital Experience, Digital Experience Compose | 2026-06-10 | N/A | 6.1 MEDIUM |
| HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser. | |||||
| CVE-2025-62319 | 1 Hcltech | 2 Unica, Unica Audience Central | 2026-06-05 | N/A | 9.8 CRITICAL |
| Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application. | |||||
| CVE-2025-52606 | 1 Hcltech | 1 Icontrol | 2026-06-04 | N/A | 4.3 MEDIUM |
| HCL iControl was affected by a Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. The application receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. | |||||
| CVE-2025-52608 | 1 Hcltech | 1 Icontrol | 2026-06-04 | N/A | 3.1 LOW |
| HCL iControl was affected by a Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. The cookie path is also set to root. | |||||
| CVE-2025-52609 | 1 Hcltech | 1 Icontrol | 2026-06-04 | N/A | 3.7 LOW |
| HCL iControl was affected by a Missing Security Headers vulnerability, which leads to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers. | |||||
| CVE-2025-52611 | 1 Hcltech | 1 Icontrol | 2026-06-04 | N/A | 3.1 LOW |
| HCL iControl v4.0.0 was affected by an Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined. This issue likely stems from one of the following: A missing or improperly initialized object. | |||||
| CVE-2025-52612 | 1 Hcltech | 1 Icontrol | 2026-06-04 | N/A | 7.1 HIGH |
| HCL iControl was affected by an Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by insufficient sanitization of input parameters. | |||||
| CVE-2025-31973 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-20 | N/A | 4.0 MEDIUM |
| HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment. | |||||
| CVE-2025-31985 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-20 | N/A | 3.7 LOW |
| HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly. | |||||
| CVE-2025-15633 | 1 Hcltech | 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more | 2026-05-14 | N/A | 6.5 MEDIUM |
| An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers. | |||||
| CVE-2025-15634 | 1 Hcltech | 21 Bigfix Webui Api, Bigfix Webui Application Administration, Bigfix Webui Cmep and 18 more | 2026-05-14 | N/A | 4.3 MEDIUM |
| A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page. | |||||
| CVE-2025-62320 | 1 Hcltech | 9 Unica, Unica Audience Central, Unica Campaign and 6 more | 2026-05-11 | N/A | 4.7 MEDIUM |
| HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser. | |||||
| CVE-2025-31974 | 1 Hcltech | 1 Bigfix Service Management | 2026-05-11 | N/A | 3.9 LOW |
| HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes. | |||||
| CVE-2025-59851 | 1 Hcltech | 1 Dfxanalytics | 2026-05-07 | N/A | 3.7 LOW |
| HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application. | |||||
| CVE-2025-59852 | 1 Hcltech | 1 Dfxanalytics | 2026-05-07 | N/A | 3.7 LOW |
| HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information. | |||||
| CVE-2025-59853 | 1 Hcltech | 1 Dfxanalytics | 2026-05-07 | N/A | 3.1 LOW |
| HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations. | |||||
| CVE-2025-59854 | 1 Hcltech | 1 Dfxanalytics | 2026-05-07 | N/A | 3.1 LOW |
| HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP). | |||||
| CVE-2025-31970 | 1 Hcltech | 1 Dfxanalytics | 2026-05-07 | N/A | 5.3 MEDIUM |
| HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS). | |||||
