Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
hcltechsw
1147019.5%CRITICAL

Related CVEs

47
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-62327In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.MEDIUM4.912.7%Jan 7, 2026
CVE-2025-59849Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.MEDIUM6.15.3%Dec 17, 2025
CVE-2025-55254Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.MEDIUM4.86.2%Dec 17, 2025
CVE-2025-62329HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.MEDIUM5.65.6%Dec 16, 2025
CVE-2025-62330HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.MEDIUM5.93.2%Dec 16, 2025
CVE-2025-0272HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.HIGH7.612.2%Apr 3, 2025
CVE-2025-0257HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.HIGH7.519.6%Apr 2, 2025
CVE-2025-0273HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.MEDIUM5.54.2%Mar 27, 2025
CVE-2025-0255HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.HIGH7.245.4%Mar 24, 2025
CVE-2025-0256HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.MEDIUM6.516.9%Mar 24, 2025
CVE-2024-42196HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.MEDIUM5.54.6%Dec 6, 2024
CVE-2024-42195HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.MEDIUM6.819.7%Dec 5, 2024
CVE-2024-23576Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. HIGH7.136.1%May 14, 2024
CVE-2024-23561HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. MEDIUM4.327.9%Apr 15, 2024
CVE-2024-23558HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. MEDIUM6.322.4%Apr 15, 2024
CVE-2024-23560HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. MEDIUM4.924.1%Apr 15, 2024
CVE-2024-23559HCL DevOps Deploy / Launch is generating an obsolete HTTP header. MEDIUM6.122.5%Apr 15, 2024
CVE-2024-23550HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. MEDIUM5.511.7%Feb 3, 2024
CVE-2023-37523Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. CRITICAL9.831.1%Jan 16, 2024
CVE-2023-37522HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. CRITICAL9.833.1%Jan 16, 2024