-
Products
- Alphabetical List
- Business & Industry Applications
- Cybersecurity
- Data and Analytics
- AI and Intelligent Operations
- Total Experience
- Sovereign Collaboration
- Specialized Software
- HCL Actian
- HCL Actian Data Platform
- HCL Actian Ingres
- HCL Aftermarket Cloud
- HCL AppScan
- HCL Automation Orchestrator
- HCL Automation Orchestrator Suite
- HCL BigFix
- HCL CAMWorks
- HCL Clara
- HCL Commerce Cloud
- HCL Connections
- HCL Customer Data Platform
- HCL DataConnect
- HCL DFMPro
- HCL Discover
- HCL Domino
- HCL DX
- HCL DevOps Code ClearCase
- HCL DevOps Code RealTime
- HCL DevOps Deploy
- HCL DevOps Plan
- HCL DevOps Model RealTime
- HCL DevOps Test
- HCL DevOps Test Embedded
- HCL DevOps Velocity
- HCL Glovius
- HCL Hero
- HCL HIVE
- HCL iAutomate
- HCL iControl
- HCL Informix
- HCL IntelliOps
- HCL IntelliOps Event Management
- HCL iObserve
- HCL Leap
- HCL Link
- HCL Mainframe Solutions
- HCL Marketing Cloud
- HCL Marketplace
- HCL MyCloud
- HCL MyXalytics
- HCL Nippon
- HCL Notes
- HCL Now
- HCL SafeLinx
- HCL Sametime
- HCL Secure DevOps
- HCL SX
- HCL TX Platform
- HCL Unica
- HCL Vector Analytics
- HCL Verse
- HCL Volt MX
- HCL Workload Automation
- HCL Z Asset Optimizer
- HCL Z Abend Investigator
- HCL Z and I Emulator
- HCL Zeenea Data Discover Platform
- HCL Zen Edge Data Management
- HCL Aftermarket Cloud Aftermarket-led growth platform
- HCL Commerce Cloud Enterprise e-commerce for B2C and B2B
- HCL CDP Flexible and customizable customer data platform
- HCL Discover Behavioral insights for customer journeys
- HCL Marketing Cloud Fueling precision marketing at scale with AI
- HCL Unica Enterprise marketing automation platform
- HCL AppScan Scans for application vulnerabilities
- HCL BigFix Secure endpoint management
- HCL BigFix Compliance Ensure security with continuous, real-time compliance monitoring
- HCL BigFix CyberFOCUS Supercharging IT operations to secure the enterprise
- HCL BigFix Remediate Automate, remediate & secure endpoints
- HCL Actian Empowers the data-driven enterprise
- HCL Actian Data Platform Data services suite; flexible deployment
- HCL Actian Ingres Legendary transactional RDBMS
- HCL DataConnect Low-code integration platform
- HCL Zeenea Data Discover Platform Cloud-native data governance solution
- HCL Zen Embeddable edge data management
- HCL Automation Orchestrator Suite Accelerate IT and business automation
- HCL BigFix Secure endpoint management
- HCL BigFix AEX AI-driven employee experience accelerating productivity and innovation
- HCL BigFix Enterprise+ An all-in-one IT infrastructure automation offering enabling you to stay ahead of cyber threats
- HCL BigFix Workspace+ Fueling GenAI within the Digital+ experience
- HCL iControl HCL iControl is a business flow and process observability solution
- HCL MyXalytics Cloud finOps visibility and insights
- HCL SX Service management for everything-as-a-service delivery
- HCL Workload Automation Simplify and automation business workflows
- HCL Connections Collaboration and task management in one workspace
- HCL Domino Rapid application development platform
- HCL Leap No code citizen app dev
- HCL Link Connectivity across your digital ecosystem
- HCL Notes Comprehensive email and collaboration hub
- HCL SafeLinx Secure and flexible remote access to enterprise applications
- HCL Sametime Secure meetings, video, and chat communications
- HCL Verse Smart and secure enterprise email for seamless workflow
- HCL Augmented Network Automation (SON)Intelligent RAN automation platform
- HCL Automation Orchestrator Suite Accelerate IT and business automation
- HCL DFMProCAD integrated Design-for-Manufacturing platform
- HCL CAMWorksCAM for machining productivity
- HCL GloviusModern lightweight CAD Viewer
- HCL Mainframe Optimization Optimize, modernize, and innovate your mainframe investments
- HCL Secure DevOps Automated testing and security scanning
- Industries
- Partners
-
Persona
- HCL Commerce Cloud Enterprise e-commerce for B2C and B2B
- HCL CDP Flexible and customizable customer data platform
- HCL DX The DXP for the moments that matter
- HCL Marketing Cloud Fueling Precision Marketing At Scale with AI
- HCL Unica Enterprise marketing automation platform
- HCL Volt MX Multi-experience low code app dev
- HCL Actian Ingres Legendary transactional RDBMS
- HCL Actian Data Platform Data services suite; flexible deployment
- HCL AppScan Scans for Application Vulnerabilities
- HCL BigFix Secure endpoint management
- HCL BigFix AEX AI-driven employee experience accelerating productivity and innovation
- HCL BigFix Enterprise+ An all-in-one IT infrastructure automation offering enabling you to stay ahead of cyber threats
- HCL BigFix Workspace+ Fueling GenAI within the Digital+ experience
- HCL DataConnect Low-code integration platform
- HCL Foundry Secure Backend Services
- HCL iControl HCL iControl is a business flow and process observability solution
- HCL MyXalytics Cloud FinOps visibility and insights
- HCL SX Service management for everything-as-a-service delivery
- HCL Universal Orchestrator Orchestrate and optimize business automation
- HCL Vector Analytics A high-performance, secure vectorized columnar analytics database
- HCL Workload Automation Simplify and automation business workflows
- HCL Zen Embeddable edge data management
- Learn & Support
HCLSoftware Product Security Incident Response
HCLSoftware Vulnerability Disclosure Policy
HCLSoftware recognizes how important the security community is in keeping our products and our customers safe. We thank you in advance for your contributions to our vulnerability disclosure program.
The HCLSoftware Vulnerability Management Team manages the receipt, investigation and internal coordination of security vulnerability information related to HCLSoftware offerings. This team will coordinate with HCL product and solutions teams to investigate and, if needed, identify the appropriate response plan. Maintaining communication between all involved parties, both internal and external, is a key component of our vulnerability response process.
HCL will aim to respond to new reports within 2 business days.
Customers and other entitled users of a product or solution should contact HCLSoftware Customer Support to report issues discovered in HCL offerings. If the HCLSoftware Customer Support Team determines that a reported issue is a security vulnerability, it will contact HCLSoftware Vulnerability Management Team, as needed.
Guidelines
- To be eligible to participate in this program, you must not be under contract to perform security testing for HCL Corporation, or an HCL subsidiary, or HCL client within 6 months prior to submitting a report.
- Only report vulnerabilities for HCLSoftware products that are currently in support. Check the “In Scope” section below for the product list. Only the current release and the previous release of any of these products are covered by this program.
- To protect our customers, HCLSoftware does not publicly disclose or confirm security vulnerabilities until HCLSoftware has conducted an analysis of the product and issued fixes and/or mitigations. By submitting a vulnerability report to HCLSoftware, you agree to not publicly disclose or share the vulnerability with any third party until HCLSoftware confirms that the vulnerability has been remediated or you have received written permission from HCLSoftware to publish information about the vulnerability.
- HCLSoftware does not participate in bug bounty awards programs at this time.
- In order for HCL to evaluate your vulnerability report, you agree to provide the following information about your finding: your email address (required) and details on the software product and version, a description of the issue, the hardware platform, steps to reproduce the issue, and potential impact. See section “Report a Security Vulnerability”.
- Do not include any information that may identify an individual (such as a name, contact information, IP address or other similar information) in any attachments included in your vulnerability report.
OUT OF SCOPE VULNERABILITIES
The following submissions are not accepted as part of this program.
- Clickjacking on pages with no sensitive state changing actions.
- Unauthenticated/logout/login CSRF.
- Attacks requiring MITM or physical access to a user's device.
- Previously known vulnerable libraries without a working Proof of Concept.
- Comma Separated Values (CSV) injection without demonstrating a vulnerability.
- Best practices that do not lead to an actionable vulnerability or do not have a CVE.
- Any activity that could lead to the disruption of our service (DoS).
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.
- HCLSoftware that has reached End Of Support (EOS) is not accepted and will receive a "Not Applicable" response.
- Publicly known data meant to be accessed by anyone. Please note: if you find a directory listing and explain how it can lead to a malicious exploit then we'll accept it.
LEGAL NOTICE
By submitting a vulnerability report to HCL, you agree that HCL may use any information provided by you in such report for any HCL business purpose (including but not limited to reproduction of the vulnerability, remediation of the vulnerability and general development purposes), without requiring consent from or payment to you.
Also, it is important that you notify us if any such information or associated intellectual property is not your own work or is covered by the intellectual property rights of others. Not notifying us means that you've represented that no third-party intellectual property rights are involved.
Thank you for helping keep HCL and our customers safe!