Search Results (7 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56459 1 Hcltech 2 Devops Deploy, Launch 2026-07-10 6.2 Medium
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-56458 1 Hcltech 1 Devops Deploy 2026-07-10 5.4 Medium
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVE-2026-56460 1 Hcltech 2 Devops Deploy, Launch 2026-07-10 6.5 Medium
HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
CVE-2026-56457 1 Hcltech 1 Devops Deploy 2026-06-29 4.3 Medium
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.
CVE-2025-62327 2 Hcltech, Hcltechsw 2 Devops Deploy, Hcl Devops Deploy 2026-01-29 4.9 Medium
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
CVE-2025-62329 2 Hcltech, Hcltechsw 3 Devops Deploy, Hcl Devops Deploy, Hcl Launch 2026-01-07 5 Medium
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
CVE-2025-62330 2 Hcltech, Hcltechsw 2 Devops Deploy, Hcl Devops Deploy 2026-01-07 5.9 Medium
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.