Vendor CVEs
HCLTech
All CVEs
132 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62319 | Cri | 0.64 | 9.8 | 0.00 | Mar 16, 2026 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently… | ||
| CVE-2026-21837 | Hig | 0.57 | 8.8 | 0.01 | Jun 5, 2026 | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a… | ||
| CVE-2026-21765 | Hig | 0.57 | 8.8 | 0.00 | Apr 2, 2026 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. | ||
| CVE-2024-30151 | Hig | 0.54 | 8.3 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or… | ||
| CVE-2026-22514 | Hig | 0.53 | 8.1 | 0.01 | Mar 25, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1. | ||
| CVE-2025-52650 | Hig | 0.53 | 8.2 | 0.00 | Oct 10, 2025 | Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | ||
| CVE-2025-52612 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2026 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. . | ||
| CVE-2025-15633 | Med | 0.42 | 6.5 | 0.00 | May 9, 2026 | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate… | ||
| CVE-2025-52632 | Med | 0.42 | 6.5 | 0.00 | Oct 10, 2025 | A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. | ||
| CVE-2026-21826 | Med | 0.40 | 6.1 | 0.00 | Jun 5, 2026 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways. | ||
| CVE-2026-21825 | Med | 0.40 | 6.1 | 0.00 | Jun 5, 2026 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser. | ||
| CVE-2025-52644 | Med | 0.38 | 5.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation… | ||
| CVE-2025-52627 | Med | 0.36 | 5.5 | 0.00 | Feb 3, 2026 | Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | ||
| CVE-2025-62313 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions. | ||
| CVE-2025-62310 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions. | ||
| CVE-2025-52624 | Med | 0.35 | 5.4 | 0.00 | Oct 10, 2025 | A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects… | ||
| CVE-2025-31960 | Med | 0.34 | 5.3 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the… | ||
| CVE-2025-31970 | Med | 0.34 | 5.3 | 0.00 | May 6, 2026 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS) | ||
| CVE-2025-31981 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | ||
| CVE-2025-62308 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under… | ||
| CVE-2025-62305 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions. | ||
| CVE-2025-31976 | Med | 0.31 | 4.8 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. . | ||
| CVE-2025-62320 | Med | 0.31 | 4.7 | 0.00 | Mar 17, 2026 | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically… | ||
| CVE-2025-52643 | Med | 0.31 | 4.7 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing… | ||
| CVE-2025-52613 | Med | 0.30 | 4.6 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access. | ||
| CVE-2025-31978 | Med | 0.30 | 4.6 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other… | ||
| CVE-2025-52628 | Med | 0.30 | 4.6 | 0.00 | Feb 3, 2026 | HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | ||
| CVE-2025-52626 | Med | 0.29 | 4.5 | 0.01 | Feb 3, 2026 | A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | ||
| CVE-2025-52606 | Med | 0.28 | 4.3 | 0.00 | Jun 4, 2026 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is… | ||
| CVE-2025-62311 | Med | 0.28 | 4.3 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions | ||
| CVE-2025-15634 | Med | 0.28 | 4.3 | 0.00 | May 9, 2026 | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page. | ||
| CVE-2026-21783 | Med | 0.28 | 4.3 | 0.00 | Mar 24, 2026 | HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers… | ||
| CVE-2025-31994 | Med | 0.28 | 4.3 | 0.00 | Oct 13, 2025 | HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated… | ||
| CVE-2025-31973 | Med | 0.26 | 4.0 | 0.00 | May 20, 2026 | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment. | ||
| CVE-2026-21767 | Med | 0.26 | 4.0 | 0.00 | Apr 2, 2026 | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | ||
| CVE-2025-31974 | Low | 0.25 | 3.9 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized… | ||
| CVE-2025-52609 | Low | 0.24 | 3.7 | 0.00 | Jun 4, 2026 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers. | ||
| CVE-2025-31985 | Low | 0.24 | 3.7 | 0.00 | May 20, 2026 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed… | ||
| CVE-2025-31984 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed… | ||
| CVE-2025-31983 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information. | ||
| CVE-2025-31982 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality. | ||
| CVE-2025-59852 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information. | ||
| CVE-2025-59851 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or… | ||
| CVE-2025-31958 | Low | 0.24 | 3.7 | 0.00 | Apr 21, 2026 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between… | ||
| CVE-2025-52631 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | ||
| CVE-2025-52623 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access.… | ||
| CVE-2025-52629 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | ||
| CVE-2025-52635 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. | ||
| CVE-2025-52625 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0. | ||
| CVE-2025-52634 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. |
- risk 0.64cvss 9.8epss 0.00
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently…
- risk 0.57cvss 8.8epss 0.01
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a…
- risk 0.57cvss 8.8epss 0.00
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
- risk 0.54cvss 8.3epss 0.00
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or…
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1.
- risk 0.53cvss 8.2epss 0.00
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
- risk 0.46cvss 7.1epss 0.00
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .
- risk 0.42cvss 6.5epss 0.00
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate…
- risk 0.42cvss 6.5epss 0.00
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
- risk 0.40cvss 6.1epss 0.00
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
- risk 0.40cvss 6.1epss 0.00
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
- risk 0.38cvss 5.8epss 0.00
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation…
- risk 0.36cvss 5.5epss 0.00
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.
- risk 0.35cvss 5.4epss 0.00
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
- risk 0.35cvss 5.4epss 0.00
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
- risk 0.35cvss 5.4epss 0.00
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects…
- risk 0.34cvss 5.3epss 0.00
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the…
- risk 0.34cvss 5.3epss 0.00
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
- risk 0.34cvss 5.3epss 0.00
HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data.
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under…
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
- risk 0.31cvss 4.8epss 0.00
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. .
- risk 0.31cvss 4.7epss 0.00
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically…
- risk 0.31cvss 4.7epss 0.00
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing…
- risk 0.30cvss 4.6epss 0.00
HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
- risk 0.30cvss 4.6epss 0.00
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other…
- risk 0.30cvss 4.6epss 0.00
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
- risk 0.29cvss 4.5epss 0.01
A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
- risk 0.28cvss 4.3epss 0.00
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is…
- risk 0.28cvss 4.3epss 0.00
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
- risk 0.28cvss 4.3epss 0.00
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.
- risk 0.28cvss 4.3epss 0.00
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers…
- risk 0.28cvss 4.3epss 0.00
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated…
- risk 0.26cvss 4.0epss 0.00
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
- risk 0.26cvss 4.0epss 0.00
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
- risk 0.25cvss 3.9epss 0.00
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized…
- risk 0.24cvss 3.7epss 0.00
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
- risk 0.24cvss 3.7epss 0.00
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed…
- risk 0.24cvss 3.7epss 0.00
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed…
- risk 0.24cvss 3.7epss 0.00
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
- risk 0.24cvss 3.7epss 0.00
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.
- risk 0.24cvss 3.7epss 0.00
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.
- risk 0.24cvss 3.7epss 0.00
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or…
- risk 0.24cvss 3.7epss 0.00
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between…
- risk 0.24cvss 3.7epss 0.00
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access.…
- risk 0.24cvss 3.7epss 0.00
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
Page 1 of 3