Impersonation Vulnerability in HCL DevOps Deploy / HCL Launch
CVE-2024-23558

6.3MEDIUM

Key Information:

Vendor: Hcl Software
Status: Devops Deploy / Launch
Vendor: CVE Published:; 15 April 2024

🔔 Create Hcl Software Vulnerability Alert

What is CVE-2024-23558?

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Affected Version(s)

DevOps Deploy / Launch 7.0 - 7.0.5.20, 7.1 - 7.1.2.16, 7.2 - 7.2.3.9, 7.3 - 7.3.2.4, 8.0 - 8.0.0.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Jan 18, 2024

JSON