Sensitive Information Exposure in HCL Launch
CVE-2024-42196

5.5MEDIUM

Key Information:

Vendor: HCL Software
Status: HCL Software Launch
Vendor: CVE Published:; 6 December 2024

Summary

The vulnerability involves HCL Launch's handling of sensitive information, which is logged in files accessible through HTTP request logs. Local users with access to these logs can read potentially sensitive data, leading to significant security risks. It is critical for organizations using HCL Launch to implement proper logging controls and limit access to log files to mitigate this risk. Users and administrators are advised to review their logging configurations and consider additional protective measures to enhance data security.

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024