Lucene search

HCLCVELIST:CVE-2023-45700

HistoryDec 21, 2023 - 12:10 a.m.

CVE-2023-45700 HCL Launch is susceptible to an HTML injection vulnerability

2023-12-2100:10:11

HCL

www.cve.org

cve-2023-45700

hcl launch

html injection

vulnerability

web ui

sensitive information disclosure

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Launch",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.1 - 7.1.2.14, 7.2 - 7.2.3.7, 7.3 - 7.3.2.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-45700