Lucene search

HCLCVELIST:CVE-2022-27549

HistoryJul 06, 2022 - 8:25 p.m.

CVE-2022-27549 HCL Launch could disclose sensitive database information to a local user in plain text.

2022-07-0620:25:14

CWE-532

HCL

www.cve.org

hcl launch

sensitive data

plain text

database disclosure

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

Percentile

12.6%

JSON

HCL Launch may store certain data for recurring activities in a plain text format.

CNA Affected

[
  {
    "product": "HCL Launch",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.2.1, 7.1.2.6, 7.0.5.10"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-27549