CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 •
CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-42445 – HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
https://notcve.org/view.php?id=CVE-2022-42445
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. HCL Launch podría permitir a un usuario con privilegios administrativos, incluidos permisos de "Administrar seguridad", la capacidad de recuperar una credencial previamente guardada para realizar búsquedas LDAP autenticadas. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208 •