Versions
7.0.0.0-7.0.52; 7.1.0.0-7.1.0.1.ifix01; 7.2.0.0-7.2.3.0
7.2-7.2.3.7, 7.3-7.3.2.2
7.0-7.0.5.18, 7.1-7.1.2.14, 7.2-7.2.3.7, 7.3-7.3.2.2
< 6.2.7.18, 7.0-7.0.5.13, 7.1-7.1.2.9, 7.2-7.2.3.2, 7.3
6.2-6.2.7.19, 7.0-7.0.5.14, 7.1-7.1.2.10, 7.2.0.0-7.2.3.3, 7.3.0.0-7.3.0.1
< 6.2.7.16, 7-7.0.5.11, 7.1-7.1.2.7; 7.2-7.2.3.0
7.2.2.1, 7.1.2.6, 7.0.5.10
6.2.7.0-6.2.7.17, 7.0.0.0-7.0.5.12, 7.1.0.0-7.1.2.8, 7.2.0.0-7.2.3.1
7.1-7.1.2.14, 7.2-7.2.3.7, 7.3-7.3.2.2
Recent CVEs
CVE-2023-45702
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
CVE-2023-45701
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45700
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2023-45703
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2022-42452
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
CVE-2022-42445
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.