Sensitive Information Exposure in HCL Launch

CVE-2024-42196

Summary

The vulnerability involves HCL Launch's handling of sensitive information, which is logged in files accessible through HTTP request logs. Local users with access to these logs can read potentially sensitive data, leading to significant security risks. It is critical for organizations using HCL Launch to implement proper logging controls and limit access to log files to mitigate this risk. Users and administrators are advised to review their logging configurations and consider additional protective measures to enhance data security.

References