Hcltechsw
hcltechsw
47 CVEs • 11 products
Products (11)
Click to collapseToggle
Products (11)
Click to collapse
CVEs (47)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchJan 6, 2026 Dec 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchJan 6, 2026 Dec 17, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchJan 7, 2026 Dec 16, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could le...Show more |
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access cou...Show more |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 10, 2025 Apr 3, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 10, 2025 Apr 2, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Mar 27, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Mar 24, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Mar 24, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. |
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. |
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 21, 2025 Dec 5, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. |
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
|
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Apr 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
|
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Apr 15, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
|
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Apr 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
|
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchApr 11, 2025 Apr 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
|
1Hcltechsw 2Hcl Devops Deploy Hcl LaunchJun 3, 2025 Feb 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
|
1Hcltechsw 1Bigfix Bare Osd Metal Server Webui Jun 3, 2025 Jan 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser.
|
1Hcltechsw 1Bigfix Bare Osd Metal Server Webui Nov 21, 2024 Jan 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser.
|