Known Vulnerabilities for products from Hcltech

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Hcltech".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-21837 json HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacke... Not Provided 2026-06-05 2026-06-10
CVE-2026-21826 json HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can ma... Not Provided 2026-06-05 2026-06-10
CVE-2026-21825 json HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An... Not Provided 2026-06-05 2026-06-10
CVE-2026-21791 json HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application ... Not Provided 2026-03-10 2026-05-07
CVE-2026-21783 json HCL Traveler is affected by sensitive information disclosure.  The application generates some error messages that provide de... Not Provided 2026-03-24 2026-03-31
CVE-2026-21767 json HCL BigFix Platform is affected by insufficient authentication.  The application might allow users to access sensitive area... Not Provided 2026-04-02 2026-04-16
CVE-2026-21765 json HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private cryptographic keys locat... Not Provided 2026-04-02 2026-04-16
CVE-2025-63402 json An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via API... Not Provided 2025-12-03 2026-07-05
CVE-2025-63401 json Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to exec... Not Provided 2025-12-03 2026-07-05
CVE-2025-62340 json HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web... Not Provided 2026-06-17 2026-06-26
CVE-2025-62320 json HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showin... Not Provided 2026-03-17 2026-05-11
CVE-2025-62319 json Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean c... Not Provided 2026-03-16 2026-06-05
CVE-2025-59872 json HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then i... Not Provided 2026-06-17 2026-06-26
CVE-2025-59868 json HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an atta... Not Provided 2026-06-27 2026-07-06
CVE-2025-59854 json HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the ou... Not Provided 2026-05-06 2026-05-07
CVE-2025-59853 json HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces ... Not Provided 2026-05-06 2026-05-07
CVE-2025-59852 json HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the... Not Provided 2026-05-06 2026-05-07
CVE-2025-59851 json HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched l... Not Provided 2026-05-06 2026-05-07
CVE-2025-55252 json HCL AION  version 2 is affected by a Weak Password Policy vulnerability. This can  allow the use of easily guessable passwo... Not Provided 2026-01-19 2026-04-25
CVE-2025-55251 json HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulti... Not Provided 2026-01-19 2026-04-25

Known software with vulnerabilities from Hcltech

Type Vendor Product Version
ApplicationHcltechAppscan-
ApplicationHcltechAppscan Source-
ApplicationHcltechBigfix Platform10.0.2
ApplicationHcltechBigfix Webui-
ApplicationHcltechConnections5.5
ApplicationHcltechDigital Experience8.5
ApplicationHcltechDomino-
ApplicationHcltechHcl Digital Experience8.5
ApplicationHcltechHcl Domino10.0.1
ApplicationHcltechHcl Inotes10.0.1
ApplicationHcltechHcl Nomad1.0
ApplicationHcltechNotes10.0
ApplicationHcltechSelf-service Application3.0.0
ApplicationHcltechTraveler10.0.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report