Lucene search

HCLCVELIST:CVE-2024-23550

HistoryFeb 03, 2024 - 5:32 a.m.

CVE-2024-23550 HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure

2024-02-0305:32:58

HCL

www.cve.org

cve-2024-23550

hcl devops deploy

hcl launch

sensitive information disclosure

windows agent

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Launch / DevOps Deploy",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.0 - 7.0.5.19, 7.1 - 7.1.2.15, 7.2 - 7.2.3.8, 7.3 - 7.3.2.3, 8.0.0.0"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-23550