7.5
CVE-2025-0257
- EPSS 0.04%
- Veröffentlicht 02.04.2025 22:15:18
- Zuletzt bearbeitet 10.04.2025 14:13:56
- Quelle psirt@hcl.com
- Teams Watchlist Login
- Unerledigt Login
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltechsw ≫ Hcl Devops Deploy Version >= 8.0.0.0 < 8.0.1.6
Hcltechsw ≫ Hcl Devops Deploy Version >= 8.1.0 < 8.1.1
Hcltechsw ≫ Hcl Launch Version >= 7.1.0.0 < 7.1.2.23
Hcltechsw ≫ Hcl Launch Version >= 7.2.0.0 < 7.2.3.16
Hcltechsw ≫ Hcl Launch Version >= 7.3.0.0 < 7.3.2.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.111 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@hcl.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.