CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
10 Jul 2023 — HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42452
https://notcve.org/view.php?id=CVE-2022-42452
30 Mar 2023 — HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42445 – HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
https://notcve.org/view.php?id=CVE-2022-42445
28 Nov 2022 — HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. HCL Launch podría permitir a un usuario con privilegios administrativos, incluidos permisos de "Administrar seguridad", la capacidad de recuperar una credencial previamente guardada para realizar búsquedas LDAP autenticadas. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208 •