Hcl Devops Deploy

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.

Published: 2025-12-16T06:16:09.877Z
Updated: 2025-12-16T21:30:14.425Z

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

Published: 2025-12-16T15:11:52.792Z
Updated: 2025-12-17T18:48:59.487Z

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

Published: 2026-01-07T15:17:32.375Z
Updated: 2026-01-07T15:26:29.105Z

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

Published: 2025-12-17T20:28:22.768Z
Updated: 2025-12-17T20:45:21.930Z

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.

Published: 2025-12-17T20:46:39.219Z
Updated: 2025-12-18T15:09:36.545Z

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.

Published: 2025-03-27T05:03:12.079Z
Updated: 2025-03-27T14:37:02.362Z

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Published: 2025-04-03T14:56:13.459Z
Updated: 2025-04-04T20:22:05.908Z

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

Published: 2025-04-02T22:04:02.098Z
Updated: 2025-04-03T19:17:23.547Z

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

Published: 2025-03-24T15:35:38.160Z
Updated: 2025-03-31T18:12:48.412Z

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Published: 2025-03-24T16:32:21.022Z
Updated: 2025-03-24T17:59:23.661Z

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Published: 2024-12-05T04:47:28.191Z
Updated: 2024-12-05T11:13:25.028Z

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

Published: 2024-04-15T20:20:51.157Z
Updated: 2024-11-04T21:16:41.030Z

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

Published: 2024-04-15T19:22:57.295Z
Updated: 2024-11-06T21:13:17.053Z

HCL DevOps Deploy / Launch is generating an obsolete HTTP header.

Published: 2024-04-15T17:31:17.734Z
Updated: 2024-12-04T16:46:26.331Z

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Published: 2024-04-15T21:00:12.401Z
Updated: 2024-11-01T18:35:31.536Z