7.5
CVE-2026-56458
- EPSS 0.23%
- Veröffentlicht 09.07.2026 08:51:07
- Zuletzt bearbeitet 10.07.2026 16:00:03
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltechsw ≫ Hcl Devops Deploy Version >= 8.1.0.0 < 8.1.2.7
Hcltechsw ≫ Hcl Devops Deploy Version >= 8.2.0.0 < 8.2.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.132 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@hcl.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131695