Description
HCL Launch stores user credentials in plain clear text which can be read by a local user.
Affected Software
{"id": "CVE-2022-27548", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-27548", "description": "HCL Launch stores user credentials in plain clear text which can be read by a local user.", "published": "2022-07-06T21:15:00", "modified": "2022-07-14T17:28:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27548", "reporter": "psirt@hcl.com", "references": ["https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253"], "cvelist": ["CVE-2022-27548"], "immutableFields": [], "lastseen": "2022-07-14T18:28:37", "viewCount": 10, "enchantments": {"twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/CVEnew/status/1544814759102513152", "text": "CVE-2022-27548 HCL Launch stores user credentials in plain clear text which can be read by a local user. https://t.co/4V5Vok0hhH", "author": "CVEnew", "author_photo": "https://pbs.twimg.com/profile_images/1447927972393111557/PQRMlVvZ_400x400.jpg"}, {"link": "https://twitter.com/www_sesin_at/status/1547756737024782336", "text": "New post from https://t.co/9KYxtdHHVL (CVE-2022-27548 (hcl_launch)) has been published on https://t.co/7fxdT2Sz7S", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1547756734868967435", "text": "New post from https://t.co/uXvPWJPHkR (CVE-2022-27548 (hcl_launch)) has been published on https://t.co/QtB7DNtiTp", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}]}, "score": {"value": 0.9, "vector": "NONE"}, "vulnersScore": 0.9}, "_state": {"twitter": 1657852124, "score": 1659865730, "dependencies": 1660016946}, "_internal": {"score_hash": "07ccbf4fe048b8ebcd7d659be0e1c8a9"}, "cna_cvss": {"cna": "HCL Software", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "score": 4.9}}}, "cpe": ["cpe:/a:hcltechsw:hcl_launch:7.1.2.6", "cpe:/a:hcltechsw:hcl_launch:7.2.2.1", "cpe:/a:hcltechsw:hcl_launch:7.0.5.10"], "cpe23": ["cpe:2.3:a:hcltechsw:hcl_launch:7.0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:hcltechsw:hcl_launch:7.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:hcltechsw:hcl_launch:7.1.2.6:*:*:*:*:*:*:*"], "cwe": ["CWE-522"], "affectedSoftware": [{"cpeName": "hcltechsw:hcl_launch", "version": "7.1.2.6", "operator": "eq", "name": "hcltechsw hcl launch"}, {"cpeName": "hcltechsw:hcl_launch", "version": "7.2.2.1", "operator": "eq", "name": "hcltechsw hcl launch"}, {"cpeName": "hcltechsw:hcl_launch", "version": "7.0.5.10", "operator": "eq", "name": "hcltechsw hcl launch"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:hcltechsw:hcl_launch:7.1.2.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:hcltechsw:hcl_launch:7.2.2.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:hcltechsw:hcl_launch:7.0.5.10:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253", "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253", "refsource": "MISC", "tags": ["Vendor Advisory"]}]}
{}
CVE-2022-27548