Hcltech
Products by Hcltech Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Hcltech. Last year, in 2025, Hcltech had 17 security vulnerabilities published. Right now, Hcltech is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 17 | 7.09 |
| 2024 | 42 | 6.60 |
| 2023 | 46 | 6.69 |
| 2022 | 53 | 6.88 |
| 2021 | 5 | 5.26 |
| 2020 | 37 | 6.97 |
| 2019 | 3 | 5.77 |
It may take a day or so for new Hcltech vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-42212 | May 05, 2025 | CSRF via missing SameSite attribute in HCL BigFix Compliance. HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions. | |
| CVE-2024-42213 | May 05, 2025 | HCL BigFix Compliance: Temporary File Disclosure via Predictable URLs. HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files by indexing or retrieved via predictable URLs or misconfigured permissions, leading to information disclosure. | |
| CVE-2024-42178 | Apr 17, 2025 | HCL MyXalytics Unauth URL Access Vulnerability. HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution. | |
| CVE-2024-42177 | Apr 17, 2025 | HCL MyXalytics: SSL/TLS BREACH, LUCKY13 Cipher Leak. HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. | |
| CVE-2024-42176 | Mar 19, 2025 | Concurrent Login Bug in HCL MyXalytics Enabling Credential Abuse. HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information. | |
| CVE-2024-30154 | Mar 03, 2025 | HCL SX CSRF Vulnerability (CVE-2024-30154). HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |
| CVE-2024-42179 | Jan 12, 2025 | HCL MyXalytics ID Disclosure: Microsoft-HTTP API/2.0 in Response Header. HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API/2.0 as the server's name & version. | |
| CVE-2024-42180 | Jan 12, 2025 | Malicious File Upload in HCL MyXalytics Enables Remote Code Exec. HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | |
| CVE-2024-42181 | Jan 12, 2025 | HCL MyXalytics Cleartext Data Tx Vulnerability (CVE-2024-42181). HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | |
| CVE-2024-42175 | Jan 11, 2025 | HCL MyXalytics Weak Validation Enables SQLi, XSS, and Buffer Overflow. HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow. | |
| CVE-2024-42170 | Jan 11, 2025 | HCL MyXalytics Session Fixation Vulnerability via Crafted URL. HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. | |
| CVE-2024-42171 | Jan 11, 2025 | HCL MyXalytics Session Fixation Vulnerability (CVE-2024-42171). HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. | |
| CVE-2024-42172 | Jan 11, 2025 | HCL MyXalytics Broken Auth: Key/PWD & SESS.TOKS Compromise. HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. | |
| CVE-2024-42173 | Jan 11, 2025 | HCL MyXalytics Weak Passwd Policy Enables Brute-Force Attacks. HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | |
| CVE-2024-42174 | Jan 11, 2025 | HCL MyXalytics Username Enumeration Vulnerability (CVE-2024-42174). HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames. | |
| CVE-2024-42168 | Jan 11, 2025 | CVE-2024-42168: OOB HTTP Resource Load in HCL MyXalytics. HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. | |
| CVE-2024-42169 | Jan 11, 2025 | HCL MyXalytics IDOR Insecure Direct Object References. HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data. | |
| CVE-2024-30140 | Nov 07, 2024 | HCL BigFix Compliance Unvalidated Redirect. HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | |
| CVE-2024-30141 | Nov 07, 2024 | HCL BigFix Compliance Sensitive Error Disclosure. HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data. | |
| CVE-2024-30142 | Nov 07, 2024 | HCL BigFix Compliance Cookie Secure Flag Missing. HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel. | |
| CVE-2024-30106 | Oct 28, 2024 | HCL Connections Info Disclosure via IBM WAS Error. HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. | |
| CVE-2023-50355 | Oct 23, 2024 | Sensitive info leak via error messages in HCL Sametime. HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. | |
| CVE-2024-30122 | Oct 23, 2024 | HCL Sametime Missing HTTP Headers Cause Browser Security Risk. HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. | |
| CVE-2024-30117 | Oct 14, 2024 | Dynamic Search Path Vulnerability Enabling Prerequisite Library Replacement. A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | |
| CVE-2024-30118 | Oct 09, 2024 | HCL Connections Info Disclosure via Improper Request Data Handling. HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | |
| CVE-2024-23586 | Sep 27, 2024 | Insufficient Session Expiration in HCL Nomad Allows Unauth Session Replay. HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. | |
| CVE-2024-30126 | Jul 18, 2024 | HCL BigFix Compliance Clickjacking via missing X-Frame-Options. HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge. | |
| CVE-2024-30125 | Jul 18, 2024 | HCL BigFix Compliance Server 500 Error May Terminate Process. HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. | |
| CVE-2024-23562 | Jul 08, 2024 | HCL Domino Config Info Disclosure via Remote Unauth Attack. A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. | |
| CVE-2024-23588 | Jul 05, 2024 | HCL Nomad Server on Domino Limited Access Causes DoS. HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | |
| CVE-2023-37539 | Jun 06, 2024 | IBM Domino Catalog Template Stored XSS Vulnerability. The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. | |
| CVE-2023-50347 | Apr 10, 2024 | HCL DRYiCE MyXalytics SQLi via Insecure SQL Interface. HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. | |
| CVE-2023-45705 | Mar 28, 2024 | WebReports SSRF via SMTP Config. An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | |
| CVE-2023-37530 | Feb 29, 2024 | XSS in HCL BigFix Web Reports enabling JS execution. A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | |
| CVE-2023-37531 | Feb 29, 2024 | XSS in HCL BigFix Web Reports component. A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | |
| CVE-2023-37529 | Feb 29, 2024 | XSS in HCL BigFix Platform Web Reports Enables Cookie Theft. A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | |
| CVE-2023-37495 | Feb 29, 2024 | Domino Dir: Weak Hsh for stored passwords enables BruteForce attack. Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration (https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html). | |
| CVE-2023-28018 | Feb 12, 2024 | HCL Connections DoS Exploit via Improper Request Validation. HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | |
| CVE-2023-45698 | Feb 10, 2024 | CVE-2023-45698: Sametime Outlook AddIn ClickJacking Vulnerability. Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | |
| CVE-2023-45696 | Feb 10, 2024 | Sametime AutoComplete Leak Storing Sensitive Input (CVE-2023-45696). Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | |
| CVE-2023-45718 | Feb 09, 2024 | Sametime Web: Persistent Cookie Allows Session Hijacking. Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | |
| CVE-2023-45716 | Feb 09, 2024 | Cisco Sametime: Sensitive Info Leak via URL Parameter. Sametime is impacted by sensitive information passed in URL. | |
| CVE-2023-50349 | Feb 09, 2024 | IBM Sametime CSRF in Proxy REST APIs. Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | |
| CVE-2023-37528 | Feb 03, 2024 | HCL BigFix XSS in Web Reports Save Report. A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | |
| CVE-2024-23553 | Feb 02, 2024 | HCL BigFix Platform XSS in Web Reports Component. A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | |
| CVE-2023-37527 | Feb 02, 2024 | Reflected XSS in HCL BigFix Web Reports Enables JS Execution. A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | |
| CVE-2023-37518 | Jan 30, 2024 | HCL BigFix ServiceNow Plugin Arbitrary Code Injection (CVE-2023-37518). HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | |
| CVE-2023-45724 | Jan 03, 2024 | HCL DRYiCE MyXalytics Unauth File Upload Vulnerability. HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. | |
| CVE-2023-50341 | Jan 03, 2024 | HCL DRYiCE MyXalytics Improper Access Control on Obsolete Web Pages. HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. | |
| CVE-2023-45723 | Jan 03, 2024 | Path Traversal in HCL DRYiCE MyXalytics File Upload Endpoints. HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. | |