Vulnerabilities
Vulnerable Software
Hcltechsw:  Security Vulnerabilities
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
6.2
EPSS Score
0.001
Published
2026-07-09
HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
CVSS Score
6.5
EPSS Score
0.004
Published
2026-07-09
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-07-09
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-29
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
CVSS Score
4.9
EPSS Score
0.002
Published
2026-01-07
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.
CVSS Score
3.7
EPSS Score
0.002
Published
2025-12-17
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
CVSS Score
4.7
EPSS Score
0.002
Published
2025-12-17
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
CVSS Score
5.0
EPSS Score
0.002
Published
2025-12-16
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-12-16
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-04-03


Contact Us

Shodan ® - All rights reserved