VYPR

Hcl Devops Deploy

by HCL DevOps Deploy

CVEs (14)

  • CVE-2024-22358MedApr 12, 2024
    risk 0.41cvss 6.3epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. …

  • CVE-2024-23559MedApr 15, 2024
    risk 0.40cvss 6.1epss 0.00

    HCL DevOps Deploy / Launch is generating an obsolete HTTP header.

  • CVE-2024-22359MedApr 12, 2024
    risk 0.40cvss 6.1epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…

  • CVE-2024-23560MedApr 15, 2024
    risk 0.29cvss 4.4epss 0.00

    HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

  • CVE-2024-22334MedApr 12, 2024
    risk 0.29cvss 4.4epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a…

  • CVE-2024-23561MedApr 15, 2024
    risk 0.28cvss 4.3epss 0.00

    HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

  • CVE-2024-22339MedApr 12, 2024
    risk 0.28cvss 4.3epss 0.00

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM…

  • CVE-2025-62327Jan 7, 2026
    risk 0.00cvss epss 0.00

    In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

  • CVE-2025-62329Dec 16, 2025
    risk 0.00cvss epss 0.00

    HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

  • CVE-2025-62330Dec 16, 2025
    risk 0.00cvss epss 0.00

    HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related…

  • CVE-2025-13489Dec 15, 2025
    risk 0.00cvss epss 0.00

    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

  • CVE-2025-14148Dec 15, 2025
    risk 0.00cvss epss 0.00

    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.

  • CVE-2025-36360Dec 15, 2025
    risk 0.00cvss epss 0.00

    IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a…

  • CVE-2025-36162Sep 2, 2025
    risk 0.00cvss epss 0.00

    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.