Hcltech CVEs & Vulnerabilities

60 CVEs affecting Hcltech products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

aftermarket cloud 17bigfix service management 16aion 7icontrol 5dfxanalytics 5digital experience 4connections 3digital experience compose 3
CVE-2026-21788MEDIUM

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

19 Mar 2026
5.4
CVSS
CVE-2024-42210MEDIUM

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower.  Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

19 Mar 2026
5.4
CVSS
CVE-2025-52649MEDIUM

HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.

16 Mar 2026
5.3
CVSS
CVE-2025-52646MEDIUM

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

16 Mar 2026
5.3
CVSS
CVE-2025-52645MEDIUM

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

16 Mar 2026
5.3
CVSS
CVE-2025-52644HIGH

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

16 Mar 2026
8.2
CVSS
CVE-2025-52643HIGH

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.

16 Mar 2026
7.8
CVSS
CVE-2025-52642MEDIUM

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.

16 Mar 2026
6.5
CVSS
CVE-2025-52636HIGH

HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.

16 Mar 2026
7.5
CVSS
CVE-2026-21786LOW

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.

5 Mar 2026
3.3
CVSS
CVE-2025-62326MEDIUM

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

20 Feb 2026
4.8
CVSS
CVE-2025-52603LOW

HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.

20 Feb 2026
3.5
CVSS
← PrevPage 2 / 2Next →