Hcltechsw Hcl Launch
By the Year
In 2024 there have been 1 vulnerability in Hcltechsw Hcl Launch with an average score of 5.5 out of ten. Last year Hcl Launch had 5 security vulnerabilities published. Right now, Hcl Launch is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.56
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 5.50 |
2023 | 5 | 6.06 |
2022 | 4 | 5.60 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Hcl Launch vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltechsw Hcl Launch Security Vulnerabilities
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2024-23550
5.5 - Medium
- February 03, 2024
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser
CVE-2023-45701
6.5 - Medium
- December 28, 2023
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
HCL Launch is vulnerable to HTML injection
CVE-2023-45700
5.4 - Medium
- December 21, 2023
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
XSS
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2023-45703
7.5 - High
- December 21, 2023
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2023-23348
5.5 - Medium
- July 10, 2023
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
HCL Launch is vulnerable to HTML injection
CVE-2022-42452
5.4 - Medium
- April 02, 2023
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
XSS
HCL Launch could allow a user with administrative privileges
CVE-2022-42445
4.9 - Medium
- December 12, 2022
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
CVE-2022-27551
6.5 - Medium
- August 03, 2022
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
AuthZ
HCL Launch may store certain data for recurring activities in a plain text format.
CVE-2022-27549
5.5 - Medium
- July 06, 2022
HCL Launch may store certain data for recurring activities in a plain text format.
Cleartext Storage of Sensitive Information
HCL Launch stores user credentials in plain clear text
CVE-2022-27548
5.5 - Medium
- July 06, 2022
HCL Launch stores user credentials in plain clear text which can be read by a local user.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltechsw Hcl Launch or by Hcltechsw? Click the Watch button to subscribe.