
HCL DevOps Deployment Vulnerability: Allowing Arbitrary HTML Tag Embedding


A new vulnerability has been discovered in HCL DevOps Deploy and HCL Launch, raising concerns among security researchers and users alike. This vulnerability, known as CVE-2024-42195, allows users to embed arbitrary HTML tags within the Web UI, potentially leading to the disclosure of sensitive information to unauthorized individuals.

The nature of this vulnerability is concerning, as it opens up the possibility of attackers injecting malicious HTML content into the Web UI of HCL DevOps Deploy and HCL Launch. If exploited successfully, this vulnerability could result in the exposure of sensitive information, jeopardizing the data integrity and confidentiality of users interacting with these platforms.

While the impact of the exploit could be severe in certain configurations, the complexity of successful exploitation is considered high. The CVSS score is relatively low, and exploitation requires low privileges and no user interaction. It is therefore crucial for users to take immediate action to mitigate this risk.

The affected products and versions are HCL Launch versions 7.0 – 7.0.5.24, 7.1 – 7.1.2.20, 7.2 – 7.2.3.13, and 7.3 – 7.3.2.8, and HCL DevOps Deploy versions 8.0 – 8.0.1.3. To address this vulnerability, HCL Software recommends that users update their systems to the latest patched versions.

For HCL Launch, users should upgrade to versions 7.0.5.25, 7.1.2.21, 7.2.3.14, or 7.3.2.9. For HCL DevOps Deploy, the recommended action is to upgrade to version 8.0.1.4 or higher. These updates can be accessed through the HCL Software License and Download Portal, and organizations are advised to apply these patches promptly to safeguard their environments.
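For triaging an inventory against the ranges above, the following sketch is an added example, not code from HCL or from this article. The host names and inventory rows are constructed, and treating any component after the fourth as a build number to be ignored is an assumption.

```python
# Added example: ranges and fixed versions are copied from the article text.
# (product, first affected, last affected, first fixed)
AFFECTED = [
    ("HCL Launch", "7.0", "7.0.5.24", "7.0.5.25"),
    ("HCL Launch", "7.1", "7.1.2.20", "7.1.2.21"),
    ("HCL Launch", "7.2", "7.2.3.13", "7.2.3.14"),
    ("HCL Launch", "7.3", "7.3.2.8", "7.3.2.9"),
    ("HCL DevOps Deploy", "8.0", "8.0.1.3", "8.0.1.4"),
]

def parse_version(text, width=4):
    """Turn '7.1.2' into (7, 1, 2, 0) so short and long forms compare correctly.

    Assumption: components after the fourth are build numbers and are dropped.
    Raises ValueError on non-numeric components.
    """
    parts = [int(p) for p in text.strip().split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))

def triage(version):
    """Return (status, product, fixed_version) for one reported version.

    'not_listed' only means the article does not name the version as affected;
    it says nothing about releases outside the listed branches.
    """
    v = parse_version(version)
    for product, low, high, fixed in AFFECTED:
        if parse_version(low) <= v <= parse_version(high):
            return ("affected", product, fixed)
    return ("not_listed", None, None)

def triage_inventory(rows):
    """rows: iterable of (host, version). Returns the affected hosts with their fix."""
    findings = []
    for host, version in rows:
        status, product, fixed = triage(version)
        if status == "affected":
            findings.append((host, product, version, fixed))
    return findings

# Constructed inventory, for illustration only.
SAMPLE_INVENTORY = [
    ("deploy-a.example.internal", "7.2.3.13"),
    ("deploy-b.example.internal", "7.2.3.14"),
    ("deploy-c.example.internal", "8.0.1.3.1234567"),
    ("deploy-d.example.internal", "8.0.1.4"),
]

if __name__ == "__main__":
    for host, product, version, fixed in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected, upgrade to {fixed} or later")
```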

At present, there are no workarounds or alternative mitigations available for this vulnerability. Therefore, users are strongly encouraged to apply the recommended updates as the primary method of addressing this issue and reducing the risk of potential exploitation.

It is essential for organizations to prioritize cybersecurity measures and stay vigilant against emerging threats like the vulnerability in HCL DevOps Deploy and HCL Launch. By taking proactive steps to secure their systems and software, users can protect their sensitive information and maintain the integrity of their data.
