Vulnerabilities > Hcltechsw > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-27 | CVE-2025-0273 | Information Exposure Through Log Files vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | 5.5 |
| 2025-03-24 | CVE-2025-0256 | Missing Authentication for Critical Function vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | 6.5 |
| 2024-12-06 | CVE-2024-42196 | Information Exposure Through Log Files vulnerability in Hcltechsw HCL Launch HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | 5.5 |
| 2024-12-05 | CVE-2024-42195 | Cross-site Scripting vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. | 6.8 |
| 2024-04-15 | CVE-2024-23558 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.3 |
| 2024-04-15 | CVE-2024-23561 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | 4.3 |
| 2024-04-15 | CVE-2024-23560 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | 4.9 |
| 2024-04-15 | CVE-2024-23559 | Unspecified vulnerability in Hcltechsw HCL Launch HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | 6.1 |
| 2024-02-03 | CVE-2024-23550 | Unspecified vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | 5.5 |
| 2024-01-16 | CVE-2023-37521 | Unspecified vulnerability in Hcltechsw Bigfix Bare OSD Metal Server Webui 311.19 HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | 5.3 |