Vulnerabilities > Hcltechsw > HCL Launch > 7.0.5.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-0272 | Cross-site Scripting vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. | 7.6 |
| 2025-03-27 | CVE-2025-0273 | Information Exposure Through Log Files vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | 5.5 |
| 2025-03-24 | CVE-2025-0255 | OS Command Injection vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | 7.2 |
| 2025-03-24 | CVE-2025-0256 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 6.5 |
| 2024-12-06 | CVE-2024-42196 | Information Exposure Through Log Files vulnerability in Hcltechsw HCL Launch HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | 5.5 |
| 2024-12-05 | CVE-2024-42195 | Cross-site Scripting vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. | 6.8 |
| 2024-04-15 | CVE-2024-23558 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.3 |
| 2024-04-15 | CVE-2024-23561 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | 4.3 |
| 2024-04-15 | CVE-2024-23560 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | 4.9 |
| 2024-04-15 | CVE-2024-23559 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | 6.1 |