Vulnerabilities > Hcltechsw > HCL Launch > 7.0.5.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-0272 | Cross-site Scripting vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. | 7.6 |
| 2025-03-27 | CVE-2025-0273 | Information Exposure Through Log Files vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | 5.5 |
| 2025-03-24 | CVE-2025-0255 | OS Command Injection vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | 7.2 |
| 2025-03-24 | CVE-2025-0256 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 6.5 |