This page lists publicly disclosed CVE vulnerabilities affecting hcltechsw hcl_launch (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-59849 | Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | [email protected] | 4.7 | 0.05% | 2025-12-17 | 2026-01-06 |
| CVE-2025-55254 | Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. | [email protected] | 3.7 | 0.03% | 2025-12-17 | 2026-01-06 |
| CVE-2025-62329 | HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | [email protected] | 5.0 | 0.04% | 2025-12-16 | 2026-01-07 |
| CVE-2025-0272 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | [email protected] | 5.4 | 0.34% | 2025-04-03 | 2025-04-10 |
| CVE-2025-0257 | HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | [email protected] | 6.3 | 0.26% | 2025-04-02 | 2025-04-10 |
| CVE-2025-0273 | HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | [email protected] | 5.5 | 0.13% | 2025-03-27 | 2025-04-11 |
| CVE-2025-0255 | HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | [email protected] | 7.2 | 0.62% | 2025-03-24 | 2025-04-11 |
| CVE-2025-0256 | HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | [email protected] | 4.3 | 0.20% | 2025-03-24 | 2025-04-11 |
| CVE-2024-42196 | HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | [email protected] | 6.2 | 0.10% | 2024-12-06 | 2025-04-14 |
| CVE-2024-42195 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | [email protected] | 3.1 | 1.11% | 2024-12-05 | 2025-04-21 |
| CVE-2024-23561 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | [email protected] | 4.3 | 0.38% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23558 | HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | [email protected] | 6.3 | 0.12% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23560 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | [email protected] | 4.4 | 0.09% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23559 | HCL DevOps Deploy / Launch is generating an obsolete HTTP header. | [email protected] | 6.1 | 0.41% | 2024-04-15 | 2025-04-11 |
| CVE-2024-23550 | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | [email protected] | 6.2 | 0.05% | 2024-02-03 | 2025-06-03 |
| CVE-2023-45702 | An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. | [email protected] | 6.2 | 0.04% | 2023-12-28 | 2024-11-21 |
| CVE-2023-45701 | HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | [email protected] | 4.3 | 0.13% | 2023-12-28 | 2024-11-21 |
| CVE-2023-45700 | HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | [email protected] | 4.3 | 0.14% | 2023-12-21 | 2024-11-21 |
| CVE-2023-45703 | HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. | [email protected] | 5.3 | 0.08% | 2023-12-21 | 2024-11-21 |
| CVE-2023-23348 | HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | [email protected] | 5.1 | 0.07% | 2023-07-10 | 2024-11-21 |