Hcl Launch
Approved changes feed: RSS · Atom
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Hcltechsw (ba9bc489-c06a-5f16-aa3c-2bd0521574c9) |
|---|---|
| Product | Hcl Launch (4f982cb7-c7c8-50b1-ba96-4c32080ab4f2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-62329 |
vulnerable | 2026-06-08 07:37:29.519794 |
HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability
MEDIUM (5)
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
Published: 2025-12-16T15:11:52.792Z
Updated: 2025-12-17T18:48:59.487Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59849 |
vulnerable | 2026-06-08 07:35:23.309332 |
HCL BigFix Remote Control is vulnerable to an insecure CSP configuration
MEDIUM (4.7)
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
Published: 2025-12-17T20:28:22.768Z
Updated: 2025-12-17T20:45:21.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55254 |
vulnerable | 2026-06-08 07:33:14.543506 |
HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI)
LOW (3.7)
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.
Published: 2025-12-17T20:46:39.219Z
Updated: 2025-12-18T15:09:36.545Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0273 |
vulnerable | 2026-06-08 07:02:24.080579 |
HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
MEDIUM (5.5)
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
Published: 2025-03-27T05:03:12.079Z
Updated: 2025-03-27T14:37:02.362Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0272 |
vulnerable | 2026-06-08 07:02:24.079994 |
HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
MEDIUM (5.4)
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Published: 2025-04-03T14:56:13.459Z
Updated: 2025-04-04T20:22:05.908Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0257 |
vulnerable | 2026-06-08 07:02:24.079533 |
HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services
MEDIUM (6.3)
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
Published: 2025-04-02T22:04:02.098Z
Updated: 2025-04-03T19:17:23.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0256 |
vulnerable | 2026-06-08 07:02:24.079131 |
HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
MEDIUM (4.3)
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
Published: 2025-03-24T15:35:38.160Z
Updated: 2025-03-31T18:12:48.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0255 |
vulnerable | 2026-06-08 07:02:24.078255 |
HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability
HIGH (7.2)
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
Published: 2025-03-24T16:32:21.022Z
Updated: 2025-03-24T17:59:23.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42196 |
vulnerable | 2026-06-08 06:43:56.290712 |
HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
MEDIUM (6.2)
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
Published: 2024-12-06T14:47:34.691Z
Updated: 2024-12-06T17:46:09.269Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42195 |
vulnerable | 2026-06-08 06:43:56.289209 |
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection
LOW (3.1)
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Published: 2024-12-05T04:47:28.191Z
Updated: 2024-12-05T11:13:25.028Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23561 |
vulnerable | 2026-06-08 06:29:39.950133 |
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability
MEDIUM (4.3)
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
Published: 2024-04-15T20:20:51.157Z
Updated: 2024-11-04T21:16:41.030Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23560 |
vulnerable | 2026-06-08 06:29:39.949731 |
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type
MEDIUM (4.4)
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
Published: 2024-04-15T19:22:57.295Z
Updated: 2024-11-06T21:13:17.053Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23559 |
vulnerable | 2026-06-08 06:29:39.949253 |
HCL DevOps Deploy / Launch is generating an obsolete HTTP header
MEDIUM (6.1)
HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
Published: 2024-04-15T17:31:17.734Z
Updated: 2024-12-04T16:46:26.331Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23558 |
vulnerable | 2026-06-08 06:29:39.940167 |
HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
MEDIUM (6.3)
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Published: 2024-04-15T21:00:12.401Z
Updated: 2024-11-01T18:35:31.536Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23550 |
vulnerable | 2026-06-08 06:29:39.918709 |
HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure
MEDIUM (6.2)
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
Published: 2024-02-03T05:32:58.107Z
Updated: 2025-06-03T18:37:19.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45703 |
vulnerable | 2026-06-08 06:12:43.145973 |
HCL Launch is susceptible to a Denial of Service vulnerability
MEDIUM (5.3)
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
Published: 2023-12-20T23:33:08.651Z
Updated: 2024-08-02T20:29:32.699Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45702 |
vulnerable | 2026-06-08 06:12:43.145418 |
HCL Launch Agent as a Windows service is vulnerable to a Denial of Service
MEDIUM (6.2)
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
Published: 2023-12-28T07:29:22.062Z
Updated: 2024-08-02T20:29:32.293Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45701 |
vulnerable | 2026-06-08 06:12:43.145085 |
HCL Launch is susceptible to sensitive information disclosure
MEDIUM (4.3)
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Published: 2023-12-28T07:03:01.753Z
Updated: 2024-08-02T20:29:31.596Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45700 |
vulnerable | 2026-06-08 06:12:43.144644 |
HCL Launch is susceptible to an HTML injection vulnerability
MEDIUM (4.3)
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Published: 2023-12-21T00:10:11.246Z
Updated: 2024-08-02T20:29:32.576Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23348 |
vulnerable | 2026-06-08 05:54:28.123359 |
HCL Launch is vulnerable to sensitive information disclosure
MEDIUM (5.1)
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
Published: 2023-07-10T17:06:35.454Z
Updated: 2024-10-29T19:12:17.621Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-42452 |
vulnerable | 2026-06-08 05:49:29.982029 |
Details available
MEDIUM (4.6)
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
Published: 2023-03-30T20:37:43.755Z
Updated: 2025-02-12T14:55:27.554Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-42445 |
vulnerable | 2026-06-08 05:49:29.966657 |
HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
MEDIUM (4.9)
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
Published: 2022-11-28T14:54:28.817Z
Updated: 2025-04-25T15:04:53.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27551 |
vulnerable | 2026-06-08 05:41:56.711223 |
HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
MEDIUM (5.3)
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
Published: 2022-08-03T20:00:18.409Z
Updated: 2024-09-16T23:31:39.488Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.