CVE-2024-23558

Published: Apr 15, 2024Modified: Apr 11, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: NVD

Description

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Affected (5)

Products: Hcltechsw: Hcl Devops Deploy, Hcl Launch

Hcltechsw

2 products

Hcl Devops Deploy

Hcl Launch

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Devops Deploy	From 8.0.0.0 to 8.0.1
Hcltechsw Hcl Launch	From 7.0.0.0 to 7.0.5.21
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.17
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.10
Hcltechsw Hcl Launch	From 7.3.0.0 to 7.3.2.5

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111923

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111923

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.