CVE-2023-45700 - OpenCVE

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hcltechsw	Hcl Launch

Configuration 1 [-]

OR	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2023-12-21T00:10:11.246Z

Updated: 2023-12-21T00:10:11.246Z

Reserved: 2023-10-10T21:26:06.755Z

Link: CVE-2023-45700

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-21T01:15:32.997

Modified: 2024-01-02T16:47:07.460

Link: CVE-2023-45700

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "266AA98B-117B-4595-BEC5-6F6D8AAEB766", "versionEndIncluding": "7.1.2.14", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DB3712-458B-46C4-BCEF-D3F479F0E353", "versionEndIncluding": "7.2.3.7", "versionStartIncluding": "7.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "7607DCB2-257F-4908-8E86-3A820F857314", "versionEndIncluding": "7.3.2.2", "versionStartIncluding": "7.3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\n"}, {"lang": "es", "value": "HCL Launch es vulnerable a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."}], "id": "CVE-2023-45700", "lastModified": "2024-01-02T16:47:07.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2023-12-21T01:15:32.997", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}