CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0273 – HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
https://notcve.org/view.php?id=CVE-2025-0273
27 Mar 2025 — HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120138 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0255 – HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability
https://notcve.org/view.php?id=CVE-2025-0255
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119060 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23558 – HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
https://notcve.org/view.php?id=CVE-2024-23558
15 Apr 2024 — HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. HCL DevOps Deploy/HCL Launch no invalida la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111923 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23561 – HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23561
15 Apr 2024 — HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. HCL DevOps Deploy/HCL Launch es afectado por una vulnerabilidad de divulgación de información confidencial debido a una ofuscación insuficiente de los valores confidenciales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111926 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23560 – HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type
https://notcve.org/view.php?id=CVE-2024-23560
15 Apr 2024 — HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. HCL DevOps Deploy/HCL Launch podría ser vulnerable a una revocación incompleta de permisos al eliminar un tipo de recurso de seguridad personalizado. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111925 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23559 – HCL DevOps Deploy / Launch is generating an obsolete HTTP header
https://notcve.org/view.php?id=CVE-2024-23559
15 Apr 2024 — HCL DevOps Deploy / Launch is generating an obsolete HTTP header. HCL DevOps Deploy/Launch está generando un encabezado HTTP obsoleto. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111924 •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23550 – HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23550
03 Feb 2024 — HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. HCL DevOps Deploy/HCL Launch (UCD) podría revelar información confidencial del usuario al instalar el agente de Windows. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37523 – HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
https://notcve.org/view.php?id=CVE-2023-37523
16 Jan 2024 — Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. Las etiquetas faltantes o inseguras en HCL BigFix Bare OSD Metal Server WebUI versión 311.19 o anterior podrían permitir a un atacante ejecutar un script malicioso en el navegador del usuario. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37522 – HCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
https://notcve.org/view.php?id=CVE-2023-37522
16 Jan 2024 — HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. HCL BigFix Bare OSD Metal Server WebUI versión 311.19 o anterior tiene etiquetas faltantes o inseguras que podrían permitir a un atacante ejecutar un script malicioso en el navegador del usuario. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754 •