CVE-2022-27549

HCL Launch may store certain data for recurring activities in a plain text format.

CVE-2022-42445

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

CVE-2024-42196

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

CVE-2022-27548

HCL Launch stores user credentials in plain clear text which can be read by a local user.

CVE-2022-27551

HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.

CVE-2025-0273

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.

CVE-2025-0256

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

CVE-2025-0255

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

CVE-2024-42195

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVE-2024-23558

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-23559

HCL DevOps Deploy / Launch is generating an obsolete HTTP header.

CVE-2024-23561

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

CVE-2024-23560

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

CVE-2024-23550

HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.

CVE-2025-0257

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

CVE-2023-45700

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVE-2022-42452

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

CVE-2023-45703

HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.

CVE-2025-0272

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVE-2023-23348

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.

CVE-2023-45701

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

CVE-2023-45702

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..