ReportizFlow
Filtered by vendor Hcltech
Subscriptions
Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52636 | 1 Hcltech | 1 Aion | 2026-04-25 | 1.8 Low |
| HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. | ||||
| CVE-2025-52628 | 1 Hcltech | 1 Aion | 2026-04-25 | 4.6 Medium |
| HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | ||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-04-25 | 5.5 Medium |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | ||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-04-25 | 4.5 Medium |
| A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | ||||
| CVE-2025-52625 | 1 Hcltech | 1 Aion | 2026-04-25 | 3.7 Low |
| A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0. | ||||
| CVE-2025-31958 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 3.7 Low |
| HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking. | ||||
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 5.3 Medium |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | ||||
| CVE-2025-52641 | 1 Hcltech | 1 Aion | 2026-04-17 | 2.9 Low |
| HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure. | ||||
| CVE-2026-21765 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | 8.8 High |
| HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. | ||||
| CVE-2026-21767 | 1 Hcltech | 1 Bigfix Platform | 2026-04-16 | 4 Medium |
| HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | ||||
| CVE-2026-21786 | 2 Hclsoftware, Hcltech | 2 Sametime For Ios, Sametime | 2026-04-16 | 3.3 Low |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | ||||
| CVE-2026-21791 | 1 Hcltech | 1 Sametime | 2026-04-16 | 3.3 Low |
| HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | ||||
| CVE-2025-31965 | 1 Hcltech | 1 Bigfix Remote Control | 2026-04-15 | 8.2 High |
| Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages. | ||||
| CVE-2025-31994 | 1 Hcltech | 1 Unica | 2026-04-15 | 4.3 Medium |
| HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website. | ||||
| CVE-2025-31992 | 1 Hcltech | 1 Maxai Assistant | 2026-04-15 | 4.6 Medium |
| HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session. | ||||
| CVE-2024-23584 | 1 Hcltech | 1 Bigfix Enterprise Suite Asset Discovery | 2026-04-15 | 6.6 Medium |
| The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. | ||||
| CVE-2024-30129 | 1 Hcltech | 1 Hcl Nomad | 2026-04-15 | 5.3 Medium |
| The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. | ||||
| CVE-2025-31995 | 1 Hcltech | 1 Maxai Workbench | 2026-04-15 | 3.5 Low |
| HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. | ||||
| CVE-2025-52647 | 1 Hcltech | 1 Bigfix Webui | 2026-04-15 | 6.1 Medium |
| The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks. | ||||
| CVE-2025-52622 | 1 Hcltech | 1 Bigfix Saas | 2026-04-15 | 5.4 Medium |
| The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks. | ||||