Vulnerabilities in HCL Software

334 results
Vexday Analysis

With 334 CVEs catalogued and none listed in CISA's catalog of actively exploited vulnerabilities (KEV), HCL Software's immediate risk profile sits below the overall catalog average, which suggests lower operational pressure in terms of emergency response. However, the presence of 10 critical-severity vulnerabilities demands continuous attention, even though none of them has a known public proof of concept at this time. The most dangerous CVE currently flagged is CVE-2023-37536, with an EPSS score of 0.0138, indicating a relatively low but not negligible probability of exploitation within the monitoring horizon. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), and the appearance of 8 new CVEs in the last 90 days reinforce the need for regular review cycles, especially for web-interface components.

CVE-2024-42185 | LOW | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks | EPSS 0.1%
CVE-2024-42182 | LOW | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2023-28006 | HIGH | HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm. | EPSS 0.1%
CVE-2024-30142 | LOW | HCL BigFix Compliance is affected by a missing secure flag on a cookie | EPSS 0.1%
CVE-2023-23347 | MEDIUM | Use of a broken cryptographic algorithm affects HCL DRYiCE iAutomate | EPSS 0.1%
CVE-2025-0280 | HIGH | HCL Compass is affected by a security vulnerability | EPSS 0.1%
CVE-2023-23346 | MEDIUM | Use of a broken cryptographic algorithm affects HCL DRYiCE MyCloud | EPSS 0.1%
CVE-2025-62346 | MEDIUM | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-31957 | LOW | HCL BigFix Service Management (SM) is affected by a Cross-Site Request Forgery (CSRF) vulnerability. | EPSS 0.1%
CVE-2025-31977 | MEDIUM | A cryptographic weakness has been identified in the HCL BigFix Service Management (SM) | EPSS 0.1%
CVE-2024-42197 | MEDIUM | HCL Workload Scheduler is vulnerable to plain text storage of a password | EPSS 0.1%
CVE-2024-42183 | LOW | HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability | EPSS 0.1%
CVE-2025-31972 | MEDIUM | HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability | EPSS 0.1%
CVE-2024-42186 | LOW | HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support | EPSS 0.1%