Known Vulnerabilities for products from Hcltech
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Hcltech".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-21837 json | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacke... | Not Provided | 2026-06-05 | 2026-06-10 |
| CVE-2026-21826 json | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can ma... | Not Provided | 2026-06-05 | 2026-06-10 |
| CVE-2026-21825 json | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An... | Not Provided | 2026-06-05 | 2026-06-10 |
| CVE-2026-21791 json | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application ... | Not Provided | 2026-03-10 | 2026-05-07 |
| CVE-2026-21783 json | HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide de... | Not Provided | 2026-03-24 | 2026-03-31 |
| CVE-2026-21767 json | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive area... | Not Provided | 2026-04-02 | 2026-04-16 |
| CVE-2026-21765 json | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys locat... | Not Provided | 2026-04-02 | 2026-04-16 |
| CVE-2025-63402 json | An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via API... | Not Provided | 2025-12-03 | 2026-07-05 |
| CVE-2025-63401 json | Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to exec... | Not Provided | 2025-12-03 | 2026-07-05 |
| CVE-2025-62340 json | HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web... | Not Provided | 2026-06-17 | 2026-06-26 |
| CVE-2025-62320 json | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showin... | Not Provided | 2026-03-17 | 2026-05-11 |
| CVE-2025-62319 json | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean c... | Not Provided | 2026-03-16 | 2026-06-05 |
| CVE-2025-59872 json | HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then i... | Not Provided | 2026-06-17 | 2026-06-26 |
| CVE-2025-59868 json | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an atta... | Not Provided | 2026-06-27 | 2026-07-06 |
| CVE-2025-59854 json | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the ou... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2025-59853 json | HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces ... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2025-59852 json | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2025-59851 json | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched l... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2025-55252 json | HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwo... | Not Provided | 2026-01-19 | 2026-04-25 |
| CVE-2025-55251 json | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulti... | Not Provided | 2026-01-19 | 2026-04-25 |
Known software with vulnerabilities from Hcltech
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hcltech | Appscan | - |
| Application | Hcltech | Appscan Source | - |
| Application | Hcltech | Bigfix Platform | 10.0.2 |
| Application | Hcltech | Bigfix Webui | - |
| Application | Hcltech | Connections | 5.5 |
| Application | Hcltech | Digital Experience | 8.5 |
| Application | Hcltech | Domino | - |
| Application | Hcltech | Hcl Digital Experience | 8.5 |
| Application | Hcltech | Hcl Domino | 10.0.1 |
| Application | Hcltech | Hcl Inotes | 10.0.1 |
| Application | Hcltech | Hcl Nomad | 1.0 |
| Application | Hcltech | Notes | 10.0 |
| Application | Hcltech | Self-service Application | 3.0.0 |
| Application | Hcltech | Traveler | 10.0.0.0 |