CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-42445 – HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
https://notcve.org/view.php?id=CVE-2022-42445
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. HCL Launch podría permitir a un usuario con privilegios administrativos, incluidos permisos de "Administrar seguridad", la capacidad de recuperar una credencial previamente guardada para realizar búsquedas LDAP autenticadas. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208 •
CVE-2022-27551 – HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
https://notcve.org/view.php?id=CVE-2022-27551
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. HCL Launch podría permitir a un usuario autenticado obtener información confidencial en algunos casos debido a una comprobación de seguridad inapropiada • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099732 • CWE-863: Incorrect Authorization •
CVE-2022-27549 – HCL Launch could disclose sensitive database information to a local user in plain text.
https://notcve.org/view.php?id=CVE-2022-27549
HCL Launch may store certain data for recurring activities in a plain text format. HCL Launch puede almacenar determinados datos para actividades recurrentes en un formato de texto plano • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-27548 – HCL Launch is vulnerable to information disclosure which can be read by a local user.
https://notcve.org/view.php?id=CVE-2022-27548
HCL Launch stores user credentials in plain clear text which can be read by a local user. HCL Launch almacena las credenciales de los usuarios en texto sin cifrar que puede ser leído por un usuario local • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •