CVE-2025-62330

Medium CVSS: 5.9

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.

Vendor

Hcltechsw

Product

Hcl Devops Deploy

CWE

CWE-319

Yayın Tarihi

2025-12-16 07:15:53

Güncelleme

2026-01-07 21:05:18

Source Identifier

psirt@hcl.com

KEV Date Added

Kategoriler

CWE-319 Hcl Devops Deploy MEDIUM Hcltechsw 2025

Referanslar

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127333

Benzer Kayıtlar

Medium

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credenti…

Low

CVE-2025-55254

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.032…

Medium

CVE-2025-59849

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lo…

Medium

CVE-2025-62329

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which ma…

Medium

CVE-2025-0272

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary H…

Medium

CVE-2025-0257

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data…