Hcltechsw: >> Hcl Launch >> 7.0.5.25 Security Vulnerabilities
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-03
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-27
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-03-24
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-03-24