Security researchers have recently reported a new vulnerability in HCL DevOps Deploy and HCL Launch that allows users to embed arbitrary HTML tags in the Web UI.
The vulnerability, tracked as CVE-2024-42195, poses a risk of sensitive information being disclosed to unauthorized parties.
Below is an overview of the affected products and versions, the nature of the vulnerability, and the recommended actions to mitigate the risk.
Vulnerability Details
The vulnerability allows an attacker to inject arbitrary HTML content into the Web UI of HCL DevOps Deploy and HCL Launch.
If successfully exploited, this could expose sensitive information, affecting the confidentiality, and potentially the integrity, of data shown to users who interact with these platforms.
The relatively low CVSS score reflects the high attack complexity: although the impact could be severe in certain configurations, and the attack requires only low privileges and no user interaction, the conditions for a successful attack are not fully under the attacker's control.
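To make the class of bug concrete, here is an added example (not HCL's code, and not the actual injection point in CVE-2024-42195, which has not been published): a hypothetical "display name" field rendered by a web UI, first by concatenating the value into markup and then with HTML output encoding. The attacker's URL is a constructed placeholder. It shows why an injection that needs no script still matters: a logged-in user sees a live attacker-controlled link inside a trusted page, and a script-blocking CSP does nothing about it.

```javascript
// Added example, not HCL's code: the shape of an HTML-injection bug in a web UI
// and the output-encoding fix. The "display name" field and the attacker's
// URL are hypothetical; the real injection point in CVE-2024-42195 is not public.

// Vulnerable rendering: a user-controlled value is concatenated into markup as-is.
function renderUnsafe(displayName) {
  return `<span class="owner">${displayName}</span>`;
}

// Hardened rendering: HTML-encode the five significant characters before the
// value is placed into element content or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderSafe(displayName) {
  return `<span class="owner">${escapeHtml(displayName)}</span>`;
}

// Test helper: lists the tag names present in a fragment, in document order,
// so a check can confirm that only the template's own tags are emitted.
function tagNames(html) {
  const names = [];
  const re = /<\/?([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed payload: injected markup that lures a logged-in user onto an
// attacker-controlled page. No script is involved, so a CSP that blocks
// inline script does not stop it.
const PAYLOAD = '<a href="https://attacker.example/reauth">Session expired, sign in again</a>';

function demo() {
  return {
    unsafe: renderUnsafe(PAYLOAD), // browser renders a live link inside the page
    safe: renderSafe(PAYLOAD),     // browser shows the payload as literal text
  };
}
```

In the unsafe path `tagNames` reports the injected `a` element alongside the template's `span`; in the safe path only the `span` remains and the payload survives as visible text. Encoding at output time, in the context the value lands in, is the fix that an upgrade like the one HCL shipped would typically apply.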
Affected Products and Versions
The following table lists the product versions affected by this vulnerability:

| Affected Product(s) | Version(s) |
| --- | --- |
| HCL Launch | 7.0 – 7.0.5.24 |
| HCL Launch | 7.1 – 7.1.2.20 |
| HCL Launch | 7.2 – 7.2.3.13 |
| HCL Launch | 7.3 – 7.3.2.8 |
| HCL DevOps Deploy | 8.0 – 8.0.1.3 |
HCLSoftware urges customers to update their systems to the latest patched versions to remediate this vulnerability:
- HCL Launch: Upgrade to version 7.0.5.25, 7.1.2.21, 7.2.3.14, or 7.3.2.9, depending on the release train in use
- HCL DevOps Deploy: Upgrade to version 8.0.1.4 or later
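Because the affected ranges end in four-part build numbers, comparing version strings lexically gets the answer wrong (as text, "7.0.5.9" sorts after "7.0.5.24"). The following added example, which is not an HCL tool, encodes the ranges and fixed builds from the advisory above and compares versions numerically so an operator can check an installed build. It assumes version strings are dotted integers as written in the table; a release train not listed in the table is reported as not affected, which is all the advisory supports.

```javascript
// Added example, not an HCL tool: check an installed HCL Launch or
// HCL DevOps Deploy build against the affected ranges in the advisory.
// Assumption: versions are dotted non-negative integers, e.g. "7.2.3.10".

const AFFECTED = [
  { product: 'HCL Launch',        from: '7.0', to: '7.0.5.24', fixed: '7.0.5.25' },
  { product: 'HCL Launch',        from: '7.1', to: '7.1.2.20', fixed: '7.1.2.21' },
  { product: 'HCL Launch',        from: '7.2', to: '7.2.3.13', fixed: '7.2.3.14' },
  { product: 'HCL Launch',        from: '7.3', to: '7.3.2.8',  fixed: '7.3.2.9'  },
  { product: 'HCL DevOps Deploy', from: '8.0', to: '8.0.1.3',  fixed: '8.0.1.4'  },
];

function parseVersion(v) {
  const parts = String(v).trim().split('.').map(Number);
  if (parts.some((n) => !Number.isInteger(n) || n < 0)) {
    throw new Error(`unsupported version string: ${v}`);
  }
  return parts;
}

// Numeric, component-wise comparison. Missing trailing components count as 0,
// so "7.0" is the start of the 7.0 train and "7.0.5.9" sorts below "7.0.5.24".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Returns { affected: true, upgradeTo } when the build falls inside a listed
// range, otherwise { affected: false }. Unlisted trains are not judged.
function checkVersion(product, version) {
  for (const r of AFFECTED) {
    if (r.product !== product) continue;
    if (compareVersions(version, r.from) >= 0 && compareVersions(version, r.to) <= 0) {
      return { affected: true, upgradeTo: r.fixed };
    }
  }
  return { affected: false };
}
```

The version to feed in is the one reported by the server's own About page or installation metadata; agents and relays have their own version numbers and are not what the advisory's table describes.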
These updates are available through the HCL Software License and Download Portal. Organizations should apply them promptly to protect their environments against potential exploitation.
At present there are no workarounds or alternative mitigations. Applying the recommended updates is the only available way to address this issue.