Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  Security Vulnerabilities
CVE-2025-52618
HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-08-15
CVE-2025-52619
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-08-15
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-08-15
CVE-2025-52621
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-15
CVE-2025-31961
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-08-15
CVE-2025-31987
HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-08-14
CVE-2025-0252
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.
CVSS Score
2.6
EPSS Score
0.0
Published
2025-07-25
CVE-2025-0253
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-07-25
CVE-2025-0251
HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.
CVSS Score
2.6
EPSS Score
0.0
Published
2025-07-25
CVE-2025-0249
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-07-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved