Lucene search

[email protected]NVD:CVE-2023-45700

HistoryDec 21, 2023 - 1:15 a.m.

CVE-2023-45700

2023-12-2101:15:32

CWE-79

[email protected]

web.nvd.nist.gov

hcl launch

html injection

web ui

sensitive information disclosure

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.1%

JSON

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Affected configurations

NVD

Node

hcltechswhcl_launchRange7.1.0.0–7.1.2.14

hcltechswhcl_launchRange7.2.0.0–7.2.3.7

hcltechswhcl_launchRange7.3.0.0–7.3.2.2

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644