CVE-2024-42195

MEDIUM EPSS 19.7%

Published Dec 5, 20241y ago · Modified Jun 17, 20261w ago

6.8 CVSS 3.1

Medium

Published Dec 5, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVSS Details

Base Score

6.8

Exploitability

2.3

Impact

4.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

19.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-80

Affected Products 5

Vendor	Product	Version	Range
hcltechsw	hcl_devops_deploy	*	≥8.0.0.0 – <8.0.1.4
hcltechsw	hcl_launch	*	≥7.0.0.0 – <7.0.5.25
hcltechsw	hcl_launch	*	≥7.1.0.0 – <7.1.2.21
hcltechsw	hcl_launch	*	≥7.2.0.0 – <7.2.3.14
hcltechsw	hcl_launch	*	≥7.3.0.0 – <7.3.2.9

References 1

support.hcl-software.com https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117908

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.