Hcltech: Security Vulnerabilities
A
rusted types in scripts not enforced in CSP vulnerability has been identified
in HCL AION.This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.002
Published
2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
CVSS Score
3.7
EPSS Score
0.002
Published
2025-10-10
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
CVSS Score
8.2
EPSS Score
0.002
Published
2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.002
Published
2025-10-10
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-10
HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.
CVSS Score
4.6
EPSS Score
0.002
Published
2025-10-03
HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.
CVSS Score
7.6
EPSS Score
0.002
Published
2025-10-03
HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited.
CVSS Score
3.5
EPSS Score
0.002
Published
2025-10-03
HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.
CVSS Score
7.6
EPSS Score
0.002
Published
2025-10-03
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-28