Information Disclosure Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0256

6.5MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Devops Deploy / HCL Software Launch
Vendor: CVE Published:; 24 March 2025

Summary

HCL DevOps Deploy and HCL Launch present a security concern that permits authenticated users to access sensitive information regarding other users on the platform. This vulnerability arises from a lack of proper authorization checks, which could lead to unauthorized disclosures of user data and potentially compromise user privacy. Affected users should review their access controls and upgrade to the latest versions to mitigate risks associated with this issue.

Affected Version(s)

HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.25; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1.0.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 24, 2025
Vulnerability Reserved
Jan 6, 2025