Filtered by vendor Hcltech
Subscribe
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | N/A | 5.3 MEDIUM |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | |||||
| CVE-2026-21765 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | N/A | 8.8 HIGH |
| HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. | |||||
| CVE-2026-21767 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | N/A | 4.0 MEDIUM |
| HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | |||||
| CVE-2025-31966 | 1 Hcltech | 1 Sametime | 2026-03-31 | N/A | 2.7 LOW |
| HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server. | |||||
| CVE-2026-21783 | 1 Hcltech | 1 Traveler | 2026-03-31 | N/A | 4.3 MEDIUM |
| HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2025-55266 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.9 MEDIUM |
| HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user. | |||||
| CVE-2025-55267 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.7 MEDIUM |
| HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server. | |||||
| CVE-2025-55268 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.3 MEDIUM |
| HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service. | |||||
| CVE-2025-55269 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.2 MEDIUM |
| HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts. | |||||
| CVE-2025-55270 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.5 LOW |
| HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc. | |||||
| CVE-2025-55271 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.. | |||||
| CVE-2025-55273 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.3 MEDIUM |
| HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking. | |||||
| CVE-2025-55275 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.7 LOW |
| HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user. | |||||
| CVE-2025-55277 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 2.6 LOW |
| HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application. | |||||
| CVE-2025-55274 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 2.6 LOW |
| HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could steal sensitive data, perform actions on behalf of a legitimate user. | |||||
| CVE-2025-55265 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 6.5 MEDIUM |
| HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks. | |||||
| CVE-2025-55276 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout. | |||||
| CVE-2025-55261 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 8.1 HIGH |
| HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data. | |||||
| CVE-2025-55262 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 8.3 HIGH |
| HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database. | |||||
| CVE-2025-55263 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 7.3 HIGH |
| HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets. | |||||