Hcl Launch
CVE-2022-42445
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
AnalysisAI
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. Affected products include: Hcltechsw Hcl Launch.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.
More in Hcl Launch
View allHCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exh
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on t
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 6.8), this vulnerability is
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is retu
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to imper
HCL DevOps Deploy / Launch is generating an obsolete HTTP header. Rated medium severity (CVSS 6.1), this vulnerability i
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. Rated
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today