This page lists publicly disclosed CVE vulnerabilities affecting hcltechsw hcl_devops_deploy (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-62327 | In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. | [email protected] | 4.9 | 0.03% | 2026-01-07 | 2026-01-29 |
| CVE-2025-59849 | Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | [email protected] | 4.7 | 0.05% | 2025-12-17 | 2026-01-06 |
| CVE-2025-55254 | Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in certain web pages. | [email protected] | 3.7 | 0.03% | 2025-12-17 | 2026-01-06 |
| CVE-2025-62329 | HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | [email protected] | 5.0 | 0.04% | 2025-12-16 | 2026-01-07 |
| CVE-2025-62330 | HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks. | [email protected] | 5.9 | 0.02% | 2025-12-16 | 2026-01-07 |
| CVE-2025-0272 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | [email protected] | 5.4 | 0.34% | 2025-04-03 | 2025-04-10 |
| CVE-2025-0257 | HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | [email protected] | 6.3 | 0.26% | 2025-04-02 | 2025-04-10 |
| CVE-2025-0273 | HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | [email protected] | 5.5 | 0.13% | 2025-03-27 | 2025-04-11 |
| CVE-2025-0255 | HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | [email protected] | 7.2 | 0.62% | 2025-03-24 | 2025-04-11 |
| CVE-2025-0256 | HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | [email protected] | 4.3 | 0.20% | 2025-03-24 | 2025-04-11 |
| CVE-2024-42195 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | [email protected] | 3.1 | 1.11% | 2024-12-05 | 2025-04-21 |
| CVE-2024-23561 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitive values. | [email protected] | 4.3 | 0.38% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23558 | HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | [email protected] | 6.3 | 0.12% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23560 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | [email protected] | 4.4 | 0.09% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23559 | HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | [email protected] | 6.1 | 0.41% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23550 | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | [email protected] | 6.2 | 0.05% | 2024-02-03 | 2025-06-03 |