Filtered by vendor Hcltech
Total: 404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-51736 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 6.3 MEDIUM |
| File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51735 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 7.5 HIGH |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51733 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 5.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-31998 | 1 Hcltech | 1 Unica Centralized Offer Management | 2026-06-17 | N/A | 3.5 LOW |
| HCL Unica Centralized Offer Management is vulnerable to poorly handled exceptions, which expose sensitive information. An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote code execution or denial of service. | |||||
| CVE-2025-31997 | 1 Hcltech | 1 Unica Centralized Offer Management | 2026-06-17 | N/A | 4.2 MEDIUM |
| HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files. | |||||
| CVE-2025-31996 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users. | |||||
| CVE-2025-31993 | 1 Hcltech | 1 Unica Centralized Offer Management | 2026-06-17 | N/A | 3.5 LOW |
| HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server. | |||||
| CVE-2025-31988 | 1 Hcltech | 1 Digital Experience | 2026-06-17 | N/A | 4.9 MEDIUM |
| HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. | |||||
| CVE-2025-31987 | 1 Hcltech | 1 Connections Docs | 2026-06-17 | N/A | 4.8 MEDIUM |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. | |||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | |||||
| CVE-2025-31972 | 1 Hcltech | 1 Bigfix Service Management | 2026-06-17 | N/A | 6.5 MEDIUM |
| HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | |||||
| CVE-2025-31969 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 4.0 MEDIUM |
| HCL Unica Platform is impacted by a misconfigured Content Security Policy (CSP). This can result in malicious resources being loaded and can expose browsers to certain types of attacks, such as cross-site scripting and clickjacking. | |||||
| CVE-2025-31964 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 2.2 LOW |
| Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface. | |||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 2.9 LOW |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | |||||
| CVE-2025-31962 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 2.0 LOW |
| Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods. | |||||
| CVE-2025-31961 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.7 LOW |
| HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | |||||
| CVE-2025-31955 | 1 Hcltech | 1 Dryice Iautomate | 2026-06-17 | N/A | 7.6 HIGH |
| HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. | |||||
| CVE-2025-31954 | 1 Hcltech | 1 Dryice Iautomate | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL iAutomate v6.5.1 and v6.5.2 are susceptible to sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. | |||||
| CVE-2025-31953 | 1 Hcltech | 1 Dryice Iautomate | 2026-06-17 | N/A | 7.1 HIGH |
| HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties. | |||||
