Sensitive Information Exposure in HCL Launch
CVE-2024-42196

5.5MEDIUM

Key Information:

Vendor
CVE Published:
6 December 2024

Summary

The vulnerability involves HCL Launch's handling of sensitive information, which is logged in files accessible through HTTP request logs. Local users with access to these logs can read potentially sensitive data, leading to significant security risks. It is critical for organizations using HCL Launch to implement proper logging controls and limit access to log files to mitigate this risk. Users and administrators are advised to review their logging configurations and consider additional protective measures to enhance data security.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.