Hcltech: Security Vulnerabilities
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
CVSS Score
2.8
EPSS Score
0.002
Published
2026-01-19
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
CVSS Score
2.7
EPSS Score
0.003
Published
2026-01-19
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
CVSS Score
2.4
EPSS Score
0.002
Published
2026-01-19
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk
CVSS Score
7.4
EPSS Score
0.002
Published
2026-01-16
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
CVSS Score
2.0
EPSS Score
0.002
Published
2026-01-07
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVSS Score
2.9
EPSS Score
0.001
Published
2026-01-07
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
CVSS Score
2.2
EPSS Score
0.003
Published
2026-01-07
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives
CVSS Score
5.5
EPSS Score
0.004
Published
2025-12-03
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests
CVSS Score
5.5
EPSS Score
0.004
Published
2025-12-03
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-11-28