DevOps Deploy / HCL Launch
by HCL Software
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62329 | 0.00 | — | 0.00 | Dec 16, 2025 | HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | |||
| CVE-2025-0272 | 0.00 | — | 0.00 | Apr 3, 2025 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||
| CVE-2025-0257 | 0.00 | — | 0.00 | Apr 2, 2025 | HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||
| CVE-2025-0273 | 0.00 | — | 0.00 | Mar 27, 2025 | HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | |||
| CVE-2025-0255 | 0.00 | — | 0.01 | Mar 24, 2025 | HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | |||
| CVE-2025-0256 | 0.00 | — | 0.00 | Mar 24, 2025 | HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | |||
| CVE-2024-42195 | 0.00 | — | 0.01 | Dec 5, 2024 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||
| CVE-2024-23558 | 0.00 | — | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2024-23561 | 0.00 | — | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | |||
| CVE-2024-23560 | 0.00 | — | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | |||
| CVE-2024-23559 | 0.00 | — | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | |||
| CVE-2024-23550 | 0.00 | — | 0.00 | Feb 3, 2024 | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. |
- CVE-2025-62329Dec 16, 2025risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
- CVE-2025-0272Apr 3, 2025risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
- CVE-2025-0257Apr 2, 2025risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
- CVE-2025-0273Mar 27, 2025risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
- CVE-2025-0255Mar 24, 2025risk 0.00cvss —epss 0.01
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
- CVE-2025-0256Mar 24, 2025risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
- CVE-2024-42195Dec 5, 2024risk 0.00cvss —epss 0.01
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
- CVE-2024-23558Apr 15, 2024risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
- CVE-2024-23561Apr 15, 2024risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
- CVE-2024-23560Apr 15, 2024risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
- CVE-2024-23559Apr 15, 2024risk 0.00cvss —epss 0.00
HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
- CVE-2024-23550Feb 3, 2024risk 0.00cvss —epss 0.00
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.