Every CVE whose affected-product data names Hcltechsw Hcl Launch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2025-0255 — CVSS 7.2 (high): HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by…
CVE-2024-23558 — CVSS 6.3 (medium): HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user…
CVE-2025-0257 — CVSS 6.3 (medium): HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing…
CVE-2024-42196 — CVSS 6.2 (medium): HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVE-2023-45702 — CVSS 6.2 (medium): An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by…
CVE-2024-23550 — CVSS 6.2 (medium): HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2025-0273 — CVSS 5.5 (medium): HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local…
CVE-2025-0272 — CVSS 5.4 (medium): HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web…
CVE-2023-45703 — CVSS 5.3 (medium): HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2022-27551 — CVSS 5.3 (medium): HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
CVE-2023-23348 — CVSS 5.1 (medium): HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2025-62329 — CVSS 5.0 (medium): HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session…
CVE-2022-42445 — CVSS 4.9 (medium): HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential…
CVE-2025-59849 — CVSS 4.7 (medium): Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the…
CVE-2022-42452 — CVSS 4.6 (medium): HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such…
CVE-2024-23560 — CVSS 4.4 (medium): HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
CVE-2025-0256 — CVSS 4.3 (medium): HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to…
CVE-2023-45701 — CVSS 4.3 (medium): HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the…
CVE-2023-45700 — CVSS 4.3 (medium): HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially…
CVE-2026-56457 — CVSS 4.3 (medium): HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could…
CVE-2024-23561 — CVSS 4.3 (medium): HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive…
CVE-2025-55254 — CVSS 3.7 (low): Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may…
CVE-2024-42195 — CVSS 3.1 (low): HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web…