CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42445 – HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
https://notcve.org/view.php?id=CVE-2022-42445
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. HCL Launch podría permitir a un usuario con privilegios administrativos, incluidos permisos de "Administrar seguridad", la capacidad de recuperar una credencial previamente guardada para realizar búsquedas LDAP autenticadas. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27551 – HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
https://notcve.org/view.php?id=CVE-2022-27551
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. HCL Launch podría permitir a un usuario autenticado obtener información confidencial en algunos casos debido a una comprobación de seguridad inapropiada • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099732 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27549 – HCL Launch could disclose sensitive database information to a local user in plain text.
https://notcve.org/view.php?id=CVE-2022-27549
HCL Launch may store certain data for recurring activities in a plain text format. HCL Launch puede almacenar determinados datos para actividades recurrentes en un formato de texto plano • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •