CVE-2024-23558

The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...

CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVE-2024-23561 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values...

CVE-2024-23560

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...

CVE-2024-23560

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...

CVE-2024-23560 HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...

CVE-2024-23559

HCL DevOps Deploy / Launch is generating an obsolete HTTP header...

CVE-2024-23559

HCL DevOps Deploy / Launch is generating an obsolete HTTP header...

CVE-2024-23559 HCL DevOps Deploy / Launch is generating an obsolete HTTP header

HCL DevOps Deploy / Launch is generating an obsolete HTTP header...

CVE-2024-23559 HCL DevOps Deploy / Launch is generating an obsolete HTTP header

HCL DevOps Deploy / Launch is generating an obsolete HTTP header...

HCL Technologies HCL Launch 安全漏洞

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from not invalidati...

HCL Technologies HCL Launch 安全漏洞

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. for handling the most complex deployment processes in DevOps. A security vulnerability exists in HCL Technologies HCL DevOps Deploy and HCL Launch that stems from...

HCL Technologies HCL Launch 安全漏洞

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from the...

HCL Technologies HCL Launch 安全漏洞

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from allowing the...

PT-2024-19939 · Hcl · Hcl Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch affected versions not specified Description: The issue arises from the failure of HCL DevOps Deploy / HCL Launch to invalidate a user's session after they log out. This could potentially allow an authenticated...

PT-2024-19942 · Hcl · Hcl Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch affected versions not specified Description: The issue is related to a sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. Recommendations: At the moment, there is...

PT-2024-19941 · Hcl · Hcl Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch affected versions not specified Description: The issue is related to incomplete revocation of permissions when deleting a custom security resource type. There is no information provided about the estimated numbe...

CVE-2024-22358

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28089...

CVE-2024-22358

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28089...

CVE-2024-22359

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...