-
Products
- Alphabetical List
- Business & Industry Applications
- Cybersecurity
- Data and Analytics
- AI and Intelligent Operations
- Total Experience
- Sovereign Collaboration
- Specialized Software
- HCL Actian
- HCL Actian Data Platform
- HCL Actian Ingres
- HCL Aftermarket Cloud
- HCL AppScan
- HCL Automation Orchestrator
- HCL Automation Orchestrator Suite
- HCL BigFix
- HCL CAMWorks
- HCL Commerce Cloud
- HCL Clara
- HCL Connections
- HCL Customer Data Platform
- HCL DataConnect
- HCL DFMPro
- HCL Discover
- HCL Domino
- HCL DX
- HCL DevOps Code ClearCase
- HCL DevOps Code RealTime
- HCL DevOps Deploy
- HCL DevOps Plan
- HCL DevOps Model RealTime
- HCL DevOps Test
- HCL DevOps Test Embedded
- HCL DevOps Velocity
- HCL Glovius
- HCL Hero
- HCL iAutomate
- HCL iObserve
- HCL iControl
- HCL Informix
- HCL IntelliOps
- HCL IntelliOps Event Management
- HCL Leap
- HCL Link
- HCL Mainframe Solutions
- HCL Marketing Cloud
- HCL MyCloud
- HCL MyXalytics
- HCL Nippon
- HCL Notes
- HCL Now
- HCL OneDB
- HCL SafeLinx
- HCL Sametime
- HCL Secure DevOps
- HCL SoFy
- HCL SX
- HCL TX Platform
- HCL Unica
- HCL Verse
- HCL Volt MX
- HCL Vector Analytics
- HCL Workload Automation
- HCL Z Asset Optimizer
- HCL Z Abend Investigator
- HCL Z and I Emulator
- HCL Zeenea Data Discover Platform
- HCL Zen Edge Data Management
- HCL Aftermarket Cloud Service lifecycle management platform
- HCL Commerce Cloud Enterprise e-commerce for B2C and B2B
- HCL CDP Flexible and customizable customer data platform
- HCL Discover Behavioral insights for customer journeys
- HCL Marketing Cloud Fueling precision marketing at scale with AI
- HCL Unica Enterprise marketing automation platform
- HCL AppScan Scans for application vulnerabilities
- HCL BigFix Secure endpoint management
- HCL BigFix Compliance Ensure security with continuous, real-time compliance monitoring
- HCL BigFix CyberFOCUS Supercharging IT operations to secure the enterprise
- HCL BigFix Remediate Automate, remediate & secure endpoints
- HCL Actian Empowers the data-driven enterprise
- HCL Actian Data Platform Data services suite; flexible deployment
- HCL Actian Ingres Legendary transactional RDBMS
- HCL DataConnect Low-code integration platform
- HCL Zeenea Data Discover Platform Cloud-native data governance solution
- HCL Zen Embeddable edge data management
- HCL Automation Orchestrator Suite Accelerate IT and business automation
- HCL BigFix Secure endpoint management
- HCL BigFix AEX AI-driven employee experience accelerating productivity and innovation
- HCL BigFix Enterprise+ An all-in-one IT infrastructure automation offering enabling you to stay ahead of cyber threats
- HCL BigFix Workspace+ Fueling GenAI within the Digital+ experience
- HCL iControl HCL iControl is a business flow and process observability solution
- HCL MyXalytics Cloud finOps visibility and insights
- HCL SX Service management for everything-as-a-service delivery
- HCL Workload Automation Simplify and automation business workflows
- HCL Connections Collaboration and task management in one workspace
- HCL Domino Rapid application development platform
- HCL Leap No code citizen app dev
- HCL Link Connectivity across your digital ecosystem
- HCL Notes Comprehensive email and collaboration hub
- HCL SafeLinx Secure and flexible remote access to enterprise applications
- HCL Sametime Secure meetings, video, and chat communications
- HCL Verse Smart and secure enterprise email for seamless workflow
- HCL Augmented Network Automation (SON)Intelligent RAN automation platform
- HCL Automation Orchestrator Suite Accelerate IT and business automation
- HCL DFMProCAD integrated Design-for-Manufacturing platform
- HCL CAMWorksCAM for machining productivity
- HCL GloviusModern lightweight CAD Viewer
- HCL Mainframe Optimization Optimize, modernize, and innovate your mainframe investments
- HCL Secure DevOps Automated testing and security scanning
- Industries
- Partners
-
Persona
- HCL Commerce Cloud E-Commerce für Unternehmen im B2C- und B2B-Geschäft
- HCL CDP Flexible and customizable customer data platform
- HCL DX The DXP for the moments that matter
- HCL Marketing Cloud Fueling Precision Marketing At Scale with AI
- HCL Unica Enterprise marketing automation platform
- HCL Volt MX Multi-experience low code app dev
- HCL Actian Ingres Legendary transactional RDBMS
- HCL Actian Data Platform Data services suite; flexible deployment
- HCL AppScan Scans for Application Vulnerabilities
- HCL BigFix Secure endpoint management
- HCL BigFix AEX AI-driven employee experience accelerating productivity and innovation
- HCL BigFix Enterprise+ An all-in-one IT infrastructure automation offering enabling you to stay ahead of cyber threats
- HCL BigFix Workspace+ Fueling GenAI within the Digital+ experience
- HCL DataConnect Low-code integration platform
- HCL Foundry Secure Backend Services
- HCL iControl HCL iControl is a business flow and process observability solution
- HCL MyXalytics Cloud FinOps visibility and insights
- HCL SX Service management for everything-as-a-service delivery
- HCL Universal Orchestrator Orchestrate and optimize business automation
- HCL Vector Analytics A high-performance, secure vectorized columnar analytics database
- HCL Workload Automation Simplify and automation business workflows
- HCL Zen Embeddable edge data management
- Learn & Support
HCL SOFTWARE PRODUCT SECURITY INCIDENT RESPONSE
HCL SOFTWARE PSIRT
HCL Software is committed to the safety and security of all our products and services. The HCL Software Product Security Incident Response Team (PSIRT) has been commissioned to manage the investigation and remediation of security vulnerabilities related to HCL Software offerings. This page describes our policy and process for handling security vulnerabilities in our products.
REPORT A SECURITY VULNERABILITY
HCL Software defines a security vulnerability as a weakness or flaw in a product or service that could allow an attacker to compromise the integrity, availability, or confidentiality of the product or service.
If you are a U.S. Federal Government Customer, please call the Federal toll-free number 1-855-855-5016 or the Federal toll number 1-984-333-9914 for assistance. All other customers, please use the Security Case form on the HCL Support Portal to submit your report. If you are a security researcher, please submit your report via email to PSIRT@hcl.com. See the HCL Software Vulnerability Disclosure Policy for more information.
Please include details of the software product and version, hardware platform, reproduction steps, potential impact and a proof of concept (if possible). This will enable us to duplicate the issue and respond to your report in a timely manner.
ANALYSIS AND REMEDIATION
Acknowledgment and Analysis of a Vulnerability Report
If you submitted a vulnerability report via the HCL Customer Support Portal, HCL Software Support will acknowledge the receipt of the report within 2 business days. A tracking number will be provided in the acknowledgment email. Please include this tracking number in the subject of all further email communications relating to the submission.
Vulnerability Remediation
For all validated security vulnerabilities affecting HCL Software products and services that are in active support, HCL Software will provide a fix or workaround. A Security Bulletin describing the fix or workaround will be posted in the Knowledge Base on the HCL Customer Support portal.
Severity Rating
HCL Software uses version 3.0 of the Common Vulnerability Scoring System (CVSS) as part of its standard process of evaluating reported potential vulnerabilities in HCL Software products. The CVSS model uses three distinct measurements or scores that include Base, Temporal, and Environmental calculations.
HCL Software will provide an evaluation of the base vulnerability score, and in some instances, will provide a temporal vulnerability score. End users are encouraged to compute the environmental score based on their network parameters. The combination of all three scores should be considered the final score, which represents a moment in time and is tailored to a specific environment. Organizations are advised to use this final score to prioritize responses in their own environments.
SECURITY BULLETINS
Advisories or Bulletins of Product Security Information and Software Updates
Information relating to addressed vulnerabilities are published in Security Advisories or Security Bulletins, which are available from the Knowledge Base on the HCL Customer Support portal.” You can sign up for push notifications via email for the security bulletins you care about by visiting the HCL PSIRT Blog and subscribing to one or more of the Topics on the right hand side of the page. You can also search the HCL Support Knowledge Base for security bulletins."
Security bulletins are published under the following situations:
- A security issue that is specific to our software or that affects open-source software that can reasonably be assumed to affect our software is publicly reported and widely available; AND a fix is available in one or more supported software versions.
- A security issue that affects our software is privately reported to HCL Software; and a fix is available in currently supported software versions.
Security bulletins will include the following information, where applicable:
- Affected products and versions
- Description of vulnerability
- Potential impact rating
- Common Vulnerability Enumerator ID (CVE: http://cve.mitre.org )
- Severity rating (HCL uses version 3 of the Common Vulnerability Scoring System, CVSSv3; https://www.first.org/cvss/user-guide)
- Available updates, fixes or workarounds
- Acknowledgement of the reporter (if applicable)
Industry Affiliations
Advisories or Bulletins of Product Security Information and Software Updates
Information relating to addressed vulnerabilities are published in Security Advisories or Security Bulletins, which are available from the Knowledge Base on the HCL Customer Support portal.” You can sign up for push notifications via email for the security bulletins you care about by visiting the HCL PSIRT Blog and subscribing to one or more of the Topics on the right hand side of the page. You can also search the HCL Support Knowledge Base for security bulletins."
Security bulletins are published under the following situations:
- A security issue that is specific to our software or that affects open-source software that can reasonably be assumed to affect our software is publicly reported and widely available; AND a fix is available in one or more supported software versions.
- A security issue that affects our software is privately reported to HCL Software; and a fix is available in currently supported software versions.
Security bulletins will include the following information, where applicable:
- Affected products and versions
- Description of vulnerability
- Potential impact rating
- Common Vulnerability Enumerator ID (CVE: http://cve.mitre.org )
- Severity rating (HCL uses version 3 of the Common Vulnerability Scoring System, CVSSv3; https://www.first.org/cvss/user-guide)
- Available updates, fixes or workarounds
- Acknowledgement of the reporter (if applicable)
Industry Affiliations