SecAlerts
CVE ListPricingSign Up
HCL logo

HCL

Security Risk Profile

43
/100
medium

Security Risk Score

Comprehensive risk assessment based on 272 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

πŸ“… Data spans from May 23, 2023 to present

272
Total CVEs
89
Critical+High
0
Exploited
88
Unpatched

Threat Assessment

Avg CVSS
6.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
88
Critical/High
Risk Level
43/100
medium
πŸ†• 4Fresh (<7d)πŸ“ˆ 35 in Last 30 Days

Severity Distribution

Critical
27
High
62
Medium
153
Low
30

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
0

Age Distribution

Common Weaknesses (CWE)

1
XSS
37
2
Infoleak
21
3
Malicious File Upload
8
4
CSRF
7
5
Input Validation
7

Most Affected Products

1. hcltech Connections107
2. HCL AION32
3. Hcltechsw Hcl Launch29
4. hcltech Aion28
5. hcltech Bigfix Platform24

Recent Vulnerabilities

See more β†’
CVE-2026-21836
CVSS 6.5medium

HCL DominoIQ is affected by broken access control

5/20/2026πŸ”§ No Patch
CVE-2025-31985
CVSS 6.5medium

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure β€œX-Content-Type-Options” header

5/20/2026πŸ”§ No Patch
CVE-2025-31973
CVSS 9.8critical

HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'

5/20/2026πŸ”§ No Patch
CVE-2026-21789
CVSS 4.6medium

HCL Connections is vulnerable to broken access control

5/18/2026πŸ”§ No Patch
CVE-2025-62305
CVSS 5.1medium

HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions

5/14/2026πŸ”§ No Patch
CVE-2025-62317
CVSS 2.6low

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.

5/14/2026πŸ”§ No Patch
CVE-2025-62308
CVSS 5.1medium

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed

5/14/2026πŸ”§ No Patch
CVE-2025-62309
CVSS 2.6low

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.

5/14/2026πŸ”§ No Patch
CVE-2025-62312
CVSS 3.0low

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication

5/14/2026πŸ”§ No Patch
CVE-2025-62316
CVSS 2.3low

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured

5/14/2026πŸ”§ No Patch

Monitor HCL in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

Β© 2026 SecAlerts Pty Ltd. All rights reserved.