CVE-2022-42445

Published: Dec 12, 2022Modified: Apr 25, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

Affected (4)

Products: Hcltechsw: Hcl Launch

Hcltechsw

1 product

Hcl Launch

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Launch	From 6.2.7.0 to 6.2.7.17
Hcltechsw Hcl Launch	From 7.0.0.0 to 7.0.5.12
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.8
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.1

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.