Vendor: HCL Software
Products: 13
CVEs: 49
Across products: 49
Status: Private
Products: 13

- 21 CVEs
- 6 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs: 49

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21786 | | 0.00 | — | 0.00 | | Mar 5, 2026 | HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. |
| CVE-2023-37525 | | 0.00 | — | 0.00 | | Jan 28, 2026 | A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals. |
| CVE-2025-55254 | | 0.00 | — | 0.00 | | Dec 17, 2025 | Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. |
| CVE-2025-59849 | | 0.00 | — | 0.00 | | Dec 17, 2025 | Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. |
| CVE-2024-30142 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel. |
| CVE-2024-30141 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data. |
| CVE-2024-30140 | | 0.00 | — | 0.00 | | Nov 7, 2024 | HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. |
| CVE-2024-30117 | | 0.00 | — | 0.00 | | Oct 14, 2024 | A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. |
| CVE-2024-30126 | | 0.00 | — | 0.01 | | Jul 18, 2024 | HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge. |
| CVE-2024-30125 | | 0.00 | — | 0.00 | | Jul 18, 2024 | HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. |
| CVE-2024-23556 | | 0.00 | — | 0.00 | | May 17, 2024 | SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. |
| CVE-2024-23554 | | 0.00 | — | 0.01 | | May 17, 2024 | Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). |
| CVE-2024-23583 | | 0.00 | — | 0.00 | | May 17, 2024 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. |
| CVE-2023-45715 | | 0.00 | — | 0.00 | | Mar 28, 2024 | The console may experience a service interruption when processing file names with invalid characters. |
| CVE-2023-45706 | | 0.00 | — | 0.00 | | Mar 28, 2024 | An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. |
| CVE-2023-45705 | | 0.00 | — | 0.00 | | Mar 28, 2024 | An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. |
| CVE-2023-37540 | | 0.00 | — | 0.00 | | Feb 23, 2024 | Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. |
| CVE-2023-37528 | | 0.00 | — | 0.00 | | Feb 3, 2024 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. |
| CVE-2024-23553 | | 0.00 | — | 0.00 | | Feb 2, 2024 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. |
| CVE-2023-37531 | | 0.00 | — | 0.01 | | Feb 2, 2024 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. |