Filtered by vendor Hcltech
Subscribe
Total
372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31964 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-21 | N/A | 2.2 LOW |
| Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface. | |||||
| CVE-2025-31962 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-12 | N/A | 2.0 LOW |
| Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods. | |||||
| CVE-2023-37540 | 1 Hcltech | 1 Sametime | 2026-01-09 | N/A | 3.9 LOW |
| Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. | |||||
| CVE-2024-30150 | 1 Hcltech | 1 Dryice Mycloud | 2026-01-09 | N/A | 5.3 MEDIUM |
| HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from unauthenticated users. | |||||
| CVE-2024-23556 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 5.9 MEDIUM |
| SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | |||||
| CVE-2024-23554 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 5.7 MEDIUM |
| Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). | |||||
| CVE-2024-23583 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2026-01-08 | N/A | 6.7 MEDIUM |
| An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. | |||||
| CVE-2024-30124 | 1 Hcltech | 1 Sametime | 2026-01-08 | N/A | 4.0 MEDIUM |
| HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. | |||||
| CVE-2023-45706 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 2.0 LOW |
| An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. | |||||
| CVE-2023-45715 | 1 Hcltech | 1 Bigfix Platform | 2026-01-08 | N/A | 3.5 LOW |
| The console may experience a service interruption when processing file names with invalid characters. | |||||
| CVE-2024-30149 | 1 Hcltech | 1 Appscan Source | 2026-01-08 | N/A | 4.8 MEDIUM |
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | |||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-12-31 | N/A | 4.1 MEDIUM |
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2025-63401 | 1 Hcltech | 1 Dragon | 2025-12-18 | N/A | 5.5 MEDIUM |
| Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives | |||||
| CVE-2025-63402 | 1 Hcltech | 1 Dragon | 2025-12-18 | N/A | 5.5 MEDIUM |
| An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests | |||||
| CVE-2025-51736 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 6.3 MEDIUM |
| File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51735 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 7.5 HIGH |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-51733 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 5.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2024-23563 | 1 Hcltech | 1 Connections Docs | 2025-11-25 | N/A | 3.9 LOW |
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||||
| CVE-2025-31987 | 1 Hcltech | 1 Connections Docs | 2025-11-21 | N/A | 4.8 MEDIUM |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. | |||||