CVE-2023-45701 – HCL Launch is susceptible to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45701
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. HCL Launch podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108645 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-45700 – HCL Launch is susceptible to an HTML injection vulnerability
https://notcve.org/view.php?id=CVE-2023-45700
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. HCL Launch es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-45703 – HCL Launch is susceptible to a Denial of Service vulnerability
https://notcve.org/view.php?id=CVE-2023-45703
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. HCL Launch puede manejar mal la validación de entrada de un archivo cargado, lo que lleva a una denegación de servicio debido al agotamiento de los recursos. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108649 •
CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 •
CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •