Hcltech: Security Vulnerabilities
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-01-19
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-01-16
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
CVSS Score
2.0
EPSS Score
0.0
Published
2026-01-07
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVSS Score
2.9
EPSS Score
0.0
Published
2026-01-07
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
CVSS Score
2.2
EPSS Score
0.0
Published
2026-01-07
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-12-03
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs not enforcing limits on the number or size of requests.
CVSS Score
5.5
EPSS Score
0.002
Published
2025-12-03
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-28
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-28
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-28

