1. Home
  2. Bug Bounty Programs
  3. HCL Software Inc.
HackerOne · VDP

HCL Software Inc. Vulnerability Disclosure Program

Complete guide to HCL Software Inc.'s vulnerability disclosure program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

HCL Software Inc. runs a vulnerability disclosure program on HackerOne. The program has 48 in-scope assets and is managed by HackerOne's triage team.

48
In-Scope Assets
3h
Avg Response
50%
Efficiency
26d
Avg Resolve

In-Scope Assets

AssetTypeMax SeverityEligible
HCL AppScanDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL AtlasDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL BigFixDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL ClaraDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL CommerceDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL ConnectionsDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Design Room Live!DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Digital Experience (Portal & Content Manager)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL DominoDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL FormsDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL HERODOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL InformixDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Informix on CloudDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Integration Platform (HIP)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL LeapDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL NotesDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL One Test EmbeddedDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL OneTestDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL RealTime Software Tooling (RTist)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL SametimeDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Billing Request System (BRQ)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Compensation Console OnPrimDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - GEO - Leave Management System (LMS)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Geo Joining Console (GJC)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Global Claim System - CVCS AzureDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Global Claim System - ECSDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - HCLT-EIS-Project Initiation & BudgetingDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - India - Leave Management System (LMS)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - My Profile (ESS)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - My Travel TAS AZUREDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Netconsole JoiningDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Resource Assignation System (RAS)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Revenue Forecast System (iRFS)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - Smart Service Desk (SSD) AzureDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - TP-SOWDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - iOffboardWebOnPrimDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - iOnboard ApplicationDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - iRemunerateDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Tech - iTIMEDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Terminal Enterprise Access (TEA)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL UnicaDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL UrbanCode DeployDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL UrbanCode VelocityDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL VerseDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Workload Automation (HWA)DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Workload Automation on AWSDOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Z Asset Optimizer DOWNLOADABLE_EXECUTABLESCriticalNo Bounty
HCL Z Data ToolsDOWNLOADABLE_EXECUTABLESCriticalNo Bounty

Out-of-Scope Assets

  • *.hcltechsw.com

Tips for Hacking HCL Software Inc.

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking HCL Software Inc.?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does HCL Software Inc. pay bounties?

No, HCL Software Inc. runs a Vulnerability Disclosure Program (VDP) without monetary rewards. You may receive recognition or swag.

What types of vulnerabilities does HCL Software Inc. accept?

HCL Software Inc. accepts reports for vulnerabilities found in their 48 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.

Similar Programs on HackerOne

TRON DAO

HackerOne · Bug Bounty · 1 assets

Bybit Fintech Ltd

HackerOne · Bug Bounty · 9 assets

Ruby

HackerOne · Bug Bounty · 1 assets