CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23558 – HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
https://notcve.org/view.php?id=CVE-2024-23558
15 Apr 2024 — HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. HCL DevOps Deploy/HCL Launch no invalida la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111923 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23550 – HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23550
03 Feb 2024 — HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. HCL DevOps Deploy/HCL Launch (UCD) podría revelar información confidencial del usuario al instalar el agente de Windows. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334 •