Filtered by vendor Hcltechsw
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62327 | 1 Hcltechsw | 1 Hcl Devops Deploy | 2026-01-29 | N/A | 4.9 MEDIUM |
| In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. | |||||
| CVE-2025-62329 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2026-01-07 | N/A | 5.0 MEDIUM |
| HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | |||||
| CVE-2025-62330 | 1 Hcltechsw | 1 Hcl Devops Deploy | 2026-01-07 | N/A | 5.9 MEDIUM |
| HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks. | |||||
| CVE-2025-55254 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2026-01-06 | N/A | 3.7 LOW |
| Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. | |||||
| CVE-2025-59849 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2026-01-06 | N/A | 4.7 MEDIUM |
| Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | |||||
| CVE-2024-23576 | 1 Hcltechsw | 1 Hcl Commerce | 2025-06-17 | N/A | 7.1 HIGH |
| Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | |||||
| CVE-2024-23550 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-06-03 | N/A | 6.2 MEDIUM |
| HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | |||||
| CVE-2023-37523 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2025-06-03 | N/A | 5.6 MEDIUM |
| Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. | |||||
| CVE-2022-42445 | 1 Hcltechsw | 1 Hcl Launch | 2025-04-25 | N/A | 4.9 MEDIUM |
| HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | |||||
| CVE-2024-42195 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-21 | N/A | 3.1 LOW |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||||
| CVE-2024-42196 | 1 Hcltechsw | 1 Hcl Launch | 2025-04-14 | N/A | 6.2 MEDIUM |
| HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | |||||
| CVE-2024-23560 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 4.4 MEDIUM |
| HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | |||||
| CVE-2024-23561 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 4.3 MEDIUM |
| HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | |||||
| CVE-2024-23558 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 6.3 MEDIUM |
| HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-0255 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 7.2 HIGH |
| HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | |||||
| CVE-2025-0256 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 4.3 MEDIUM |
| HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | |||||
| CVE-2025-0273 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 5.5 MEDIUM |
| HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | |||||
| CVE-2024-23559 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 6.1 MEDIUM |
| HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | |||||