CVE-2023-45700

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644	Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 4.3

02 Jan 2024, 16:47

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hcltechsw:hcl_launch::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.4
CWE		CWE-79
Summary		(es) HCL Launch es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial.
First Time		Hcltechsw Hcltechsw hcl Launch
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 -~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory

21 Dec 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-21 01:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45700

Mitre link : CVE-2023-45700

CVE.ORG link : CVE-2023-45700

JSON object : View

Products Affected

hcltechsw

hcl_launch

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-45700", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-12-21T01:15:32.997", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\n"}, {"lang": "es", "value": "HCL Launch es vulnerable a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2024-11-21T08:27:14.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "266AA98B-117B-4595-BEC5-6F6D8AAEB766", "versionEndIncluding": "7.1.2.14", "versionStartIncluding": "7.1.0.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13DB3712-458B-46C4-BCEF-D3F479F0E353", "versionEndIncluding": "7.2.3.7", "versionStartIncluding": "7.2.0.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7607DCB2-257F-4908-8E86-3A820F857314", "versionEndIncluding": "7.3.2.2", "versionStartIncluding": "7.3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}

4.3 /10