9 matches found
CVE-2024-42196
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVE-2022-27551
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
CVE-2025-0256
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
CVE-2024-42195
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2024-23558
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-23559
HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVE-2024-23550
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2023-45701
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45702
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..