VYPR
Vendor

HCLTech

HCL Technologies Limited is an Indian multinational information technology (IT) consulting company headquartered in Noida, Uttar Pradesh. Founded by Shiv Nadar, it was spun out in 1991 when HCL entered into the software services business. The company has offices in 60 countries and over 220,000 employees. It is the third-largest India-headquartered IT services company by revenue and market capitalization as of 2024.

Founded: 1991
Products: 38
CVEs: 132
Across products: 166
Status: Private

Recent CVEs

  • CVE-2025-62319 | Critical | Mar 16, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently…

  • CVE-2026-21837 | High | Jun 5, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a…

  • CVE-2026-21765 | High | Apr 2, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.

  • CVE-2024-30151 | High | May 6, 2026
    risk 0.54 | cvss 8.3 | epss 0.00

    HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or…

  • CVE-2026-22514 | High | Mar 25, 2026
    risk 0.53 | cvss 8.1 | epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion. This issue affects Unica: from n/a through <= 1.4.1.

  • CVE-2025-52650 | High | Oct 10, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    An "inline script execution allowed in CSP" vulnerability has been identified in HCL AION v2.0.

  • CVE-2025-52612 | High | Jun 4, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    HCL iControl was affected by an Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by insufficient sanitization of input parameters.

  • CVE-2025-15633 | Medium | May 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate…

  • CVE-2025-52632 | Medium | Oct 10, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.

  • CVE-2026-21826 | Medium | Jun 5, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

  • CVE-2026-21825 | Medium | Jun 5, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

  • CVE-2025-52644 | Medium | Mar 16, 2026
    risk 0.38 | cvss 5.8 | epss 0.00

    HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation…

  • CVE-2025-52627 | Medium | Feb 3, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.

  • CVE-2025-62313 | Medium | May 14, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.

  • CVE-2025-62310 | Medium | May 14, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.

  • CVE-2025-52624 | Medium | Oct 10, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    A vulnerability allowing bypass of the script allowlist configuration exists in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects…

  • CVE-2025-31960 | Medium | May 6, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the…

  • CVE-2025-31970 | Medium | May 6, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS).

  • CVE-2025-31981 | Medium | Apr 21, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

  • CVE-2025-62308 | Medium | May 14, 2026
    risk 0.33 | cvss 5.1 | epss 0.00

    HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under…