Filtered by vendor Hcltech
Total: 372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52659 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 2.8 LOW |
| HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure. | |||||
| CVE-2025-52649 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 1.8 LOW |
| HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. | |||||
| CVE-2025-52645 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 1.9 LOW |
| HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour. | |||||
| CVE-2025-52643 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 4.7 MEDIUM |
| HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files. | |||||
| CVE-2025-52636 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 1.8 LOW |
| HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. | |||||
| CVE-2025-52628 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 4.6 MEDIUM |
| HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | |||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 5.5 MEDIUM |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0. | |||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 4.5 MEDIUM |
| A potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0. | |||||
| CVE-2025-52625 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 3.7 LOW |
| A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. This issue affects AION: 2.0. | |||||
| CVE-2025-31958 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | N/A | 3.7 LOW |
| HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking. | |||||
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | N/A | 5.3 MEDIUM |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | |||||
| CVE-2026-21765 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | N/A | 8.8 HIGH |
| HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. | |||||
| CVE-2026-21767 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | N/A | 4.0 MEDIUM |
| HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | |||||
| CVE-2025-31966 | 1 Hcltech | 1 Sametime | 2026-03-31 | N/A | 2.7 LOW |
| HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server. | |||||
| CVE-2026-21783 | 1 Hcltech | 1 Traveler | 2026-03-31 | N/A | 4.3 MEDIUM |
| HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2025-55266 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.9 MEDIUM |
| HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user. | |||||
| CVE-2025-55267 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.7 MEDIUM |
| HCL Aftermarket DPC is affected by an Unrestricted File Upload vulnerability, which allows an attacker to upload and execute malicious scripts, gaining full control over the server. | |||||
| CVE-2025-55268 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.3 MEDIUM |
| HCL Aftermarket DPC is affected by a Spamming vulnerability, which can allow an actor to perform excessive spamming that can consume server bandwidth and processing resources, which may lead to Denial of Service. | |||||
| CVE-2025-55269 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.2 MEDIUM |
| HCL Aftermarket DPC is affected by a Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts. | |||||
| CVE-2025-55270 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.5 LOW |
| HCL Aftermarket DPC is affected by Improper Input Validation, which allows an attacker to inject executable code and carry out attacks such as XSS, SQL Injection, Command Injection, etc. | |||||
