Primary

Context

HCL Workload Scheduler Plain Text Credential Storage Vulnerability

Vulnerability

A vulnerability exists in HCL Workload Scheduler versions through 10.2.3, where user credentials are stored in plain text. This allows local users to read the credentials. The issue has been addressed in version 10.2.4 and higher.

Impact

Exploitation of this vulnerability allows local users to access stored user credentials in plain text.

Remediation

Users can upgrade to HCL Workload Automation version 10.2.4 or higher to address this vulnerability. The update is available through My HCLSoftware.

Added: Dec 11, 2025, 8:36 PM

Updated: Dec 11, 2025, 8:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Workload Scheduler Plain Text Credential Storage Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating