CVE-2024-42196
- EPSS 0.15%
- Veröffentlicht 06.12.2024 15:15:08
- Zuletzt bearbeitet 14.04.2025 17:16:43
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVE-2024-42195
- EPSS 0.29%
- Veröffentlicht 05.12.2024 05:15:06
- Zuletzt bearbeitet 21.04.2025 16:50:52
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2024-23558
- EPSS 0.31%
- Veröffentlicht 15.04.2024 21:15:07
- Zuletzt bearbeitet 11.04.2025 18:14:35
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-23561
- EPSS 0.36%
- Veröffentlicht 15.04.2024 21:15:07
- Zuletzt bearbeitet 11.04.2025 18:16:41
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
CVE-2024-23560
- EPSS 0.32%
- Veröffentlicht 15.04.2024 20:15:10
- Zuletzt bearbeitet 11.04.2025 18:25:49
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
CVE-2024-23559
- EPSS 0.31%
- Veröffentlicht 15.04.2024 18:15:10
- Zuletzt bearbeitet 11.04.2025 14:33:49
HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVE-2024-23550
- EPSS 0.21%
- Veröffentlicht 03.02.2024 06:15:48
- Zuletzt bearbeitet 03.06.2025 19:15:38
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2023-45702
- EPSS 0.16%
- Veröffentlicht 28.12.2023 08:15:35
- Zuletzt bearbeitet 21.11.2024 08:27:14
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
CVE-2023-45701
- EPSS 0.48%
- Veröffentlicht 28.12.2023 07:15:07
- Zuletzt bearbeitet 21.11.2024 08:27:14
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45700
- EPSS 0.31%
- Veröffentlicht 21.12.2023 01:15:32
- Zuletzt bearbeitet 21.11.2024 08:27:14
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.