Vulnerabilities in HCL Software
334 resultsCVE-2025-59849MEDIUMHCL BigFix Remote Control is vulnerable to an insecure CSP configurationEPSS 0.2%CVE-2024-23583MEDIUMHCL BigFix Platform is susceptible to insufficiently protected credentialsEPSS 0.2%CVE-2025-52659LOWHCL AION is affected by a Cacheable HTTP Response vulnerabilityEPSS 0.2%CVE-2023-50350HIGHA broken cryptographic algorithm impacts MyXalyticsEPSS 0.2%CVE-2025-31982LOWHCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directlEPSS 0.2%CVE-2024-42187MEDIUMHCL BigFix Patch Download Plug-ins are affected by path traversal vulnerabilityEPSS 0.2%CVE-2024-30120LOWHCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web applicationEPSS 0.2%CVE-2024-42196MEDIUMHCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerabilityEPSS 0.1%CVE-2025-31969MEDIUMHCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)EPSS 0.1%CVE-2024-23579MEDIUMHCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questionsEPSS 0.1%CVE-2022-42451MEDIUMHCL BigFix Patch Management is vulnerable to insecurely stored credentialsEPSS 0.1%CVE-2025-52661LOWHCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resultiEPSS 0.1%CVE-2024-23580MEDIUMHCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs)EPSS 0.1%CVE-2025-52622MEDIUMHCL BigFix SaaS Remediate is affected by a security vulnerabilityEPSS 0.1%CVE-2025-55252LOWHCL AION is affected by a Weak Password Policy vulnerabilityEPSS 0.1%CVE-2023-23348MEDIUMHCL Launch is vulnerable to sensitive information disclosureEPSS 0.1%CVE-2025-52621MEDIUMHCL BigFix SaaS Authentication Service is vulnerable to cache poisoningEPSS 0.1%CVE-2024-23563LOWHCL Connections Docs is vulnerable to a sensitive information disclosureEPSS 0.1%CVE-2022-27549MEDIUMHCL Launch could disclose sensitive database information to a local user in plain text.EPSS 0.1%CVE-2024-42192MEDIUMHCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakageEPSS 0.1%