CVE-2024-42196

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::

History

14 Apr 2025, 17:16

Type	Values Removed	Values Added
First Time		Hcltechsw Hcltechsw hcl Launch
Summary		(es) HCL Launch almacena información potencialmente confidencial en archivos de registro que podrían ser leídos por un usuario local con acceso a los registros de solicitudes HTTP.
CPE		cpe:2.3:a:hcltechsw:hcl_launch::::::::
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910 - Vendor Advisory

06 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-06 15:15

Updated : 2025-04-14 17:16

NVD link : CVE-2024-42196

Mitre link : CVE-2024-42196

CVE.ORG link : CVE-2024-42196

JSON object : View

Products Affected

hcltechsw

hcl_launch

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-42196", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-12-06T15:15:08.550", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}, {"lang": "es", "value": "HCL Launch almacena informaci\u00f3n potencialmente confidencial en archivos de registro que podr\u00edan ser le\u00eddos por un usuario local con acceso a los registros de solicitudes HTTP."}], "lastModified": "2025-04-14T17:16:43.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53C7668-7AF7-40AA-B3CF-CC40C4A443F0", "versionEndExcluding": "7.0.5.25", "versionStartIncluding": "7.0.0.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C4744F-A34C-4755-8FCA-F420BE623811", "versionEndExcluding": "7.1.2.21", "versionStartIncluding": "7.1.0.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C46FED1-2EAC-489D-9AFD-FAFED9D27947", "versionEndExcluding": "7.2.3.14", "versionStartIncluding": "7.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}