
HCLSOFTWARE PRODUCT SECURITY INCIDENT RESPONSE

HCLSOFTWARE PSIRT
HCL Software is committed to the safety and security of all our products and services. The HCL Software Product Security Incident Response Team (PSIRT) has been commissioned to manage the investigation and remediation of security vulnerabilities related to HCL Software offerings. This page describes our policy and process for handling security vulnerabilities in our products.
REPORT A SECURITY VULNERABILITY

To report a suspected security vulnerability to HCL Software, send an email to PSIRT@hcl.com. When submitting your report, be sure to include the product name, version, summary of the suspected security vulnerability, security impact of the vulnerability, and steps to reproduce the issue.
Please refer to our HCLSoftware Vulnerability Disclosure Policy prior to making your submission to ensure that you are reporting on in-scope software, reporting through the proper channels, and aware of our legal terms.
ANALYSIS AND REMEDIATION
Acknowledgment and Analysis of a Vulnerability Report
If you submitted a vulnerability report via PSIRT@hcl.com, HCLSoftware Product Security will acknowledge the receipt of the report within 2 business days. A tracking number will be provided in the acknowledgment email. Please include this tracking number in the subject of all further email communications relating to the submission.
Vulnerability Remediation
For all validated security vulnerabilities affecting HCLSoftware products and services that are in active support, HCLSoftware will provide a fix or workaround. A Security Bulletin describing the fix or workaround will be posted in the Knowledge Base on the HCL Customer Support portal.
Severity Rating
HCLSoftware uses version 3.1 of the Common Vulnerability Scoring System (CVSS) as part of its standard process of evaluating reported potential vulnerabilities in HCLSoftware products. The CVSS model uses three distinct measurements or scores that include Base, Temporal, and Environmental calculations.
HCLSoftware will provide an evaluation of the base vulnerability score, and in some instances, will provide a temporal vulnerability score. End users are encouraged to compute the environmental score based on their network parameters. The combination of all three scores should be considered the final score, which represents a moment in time and is tailored to a specific environment. Organizations are advised to use this final score to prioritize responses in their own environments.
SECURITY BULLETINS
Advisories or Bulletins of Product Security Information and Software Updates
Information relating to addressed vulnerabilities is published in Security Advisories or Security Bulletins, which are available from the Knowledge Base on the HCL Customer Support portal. You can sign up for push notifications via email for the security bulletins you care about by visiting the HCL PSIRT Blog and subscribing to one or more of the Topics on the right-hand side of the page. You can also search the HCL Support Knowledge Base for security bulletins.
Security bulletins are published under the following situations:
- A security issue that is specific to our software or that affects open-source software that can reasonably be assumed to affect our software is publicly reported and widely available; AND a fix is available in one or more supported software versions.
- A security issue that affects our software is privately reported to HCLSoftware; and a fix is available in currently supported software versions.
Security bulletins will include the following information, where applicable:
- Affected products and versions
- Description of vulnerability
- Potential impact rating
- Common Vulnerability Enumerator ID (CVE: http://www.cve.org)
- Severity rating (HCL uses version 3.1 of the Common Vulnerability Scoring System, CVSSv3.1; https://www.first.org/cvss/user-guide)
- Available updates, fixes or workarounds
- Acknowledgement of the reporter (if applicable)
Industry Affiliations