Every CVE whose affected-product data names Hcltech Icontrol, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-52612 — CVSS 7.1 (high): HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability…
CVE-2025-52606 — CVSS 4.3 (medium): HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural…
CVE-2025-52609 — CVSS 3.7 (low): HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the…
CVE-2025-52608 — CVSS 3.1 (low): HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical…
CVE-2025-52611 — CVSS 3.1 (low): HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined…
CVE-2025-62340 — CVSS 3.1 (low): HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application…