CVE-2024-42196 - Vulnerability Details - OpenCVE

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltechsw	Hcl Launch

Configuration 1 [-]

OR	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910

History

Mon, 14 Apr 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltechsw Hcltechsw hcl Launch
CPEs		cpe:2.3:a:hcltechsw:hcl_launch::::::::
Vendors & Products		Hcltechsw Hcltechsw hcl Launch

Fri, 06 Dec 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description		HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
Title		HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
Weaknesses		CWE-532
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-12-06T14:47:34.691Z

Updated: 2024-12-06T17:46:09.269Z

Reserved: 2024-07-29T21:32:08.372Z

Link: CVE-2024-42196

Vulnrichment

Updated: 2024-12-06T17:46:05.400Z

NVD

Status : Analyzed

Published: 2024-12-06T15:15:08.550

Modified: 2025-04-14T17:16:43.817

Link: CVE-2024-42196

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42196", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-07-29T21:32:08.372Z", "datePublished": "2024-12-06T14:47:34.691Z", "dateUpdated": "2024-12-06T17:46:09.269Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Launch", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "7.0 - 7.0.5.24, 7.1 - 7.1.2.20, 7.2 - 7.2.3.13"}]}], "datePublic": "2024-12-06T04:34:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}], "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-12-06T14:47:34.691Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-06T17:45:59.793618Z", "id": "CVE-2024-42196", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T17:46:09.269Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42196", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-06T17:45:59.793618Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T17:46:05.400Z"}}], "cna": {"title": "HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "Launch", "versions": [{"status": "affected", "version": "7.0 - 7.0.5.24, 7.1 - 7.1.2.20, 7.2 - 7.2.3.13"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-06T04:34:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.", "supportingMedia": [{"type": "text/html", "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-12-06T14:47:34.691Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42196", "state": "PUBLISHED", "dateUpdated": "2024-12-06T17:46:09.269Z", "dateReserved": "2024-07-29T21:32:08.372Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-12-06T14:47:34.691Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53C7668-7AF7-40AA-B3CF-CC40C4A443F0", "versionEndExcluding": "7.0.5.25", "versionStartIncluding": "7.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "54C4744F-A34C-4755-8FCA-F420BE623811", "versionEndExcluding": "7.1.2.21", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C46FED1-2EAC-489D-9AFD-FAFED9D27947", "versionEndExcluding": "7.2.3.14", "versionStartIncluding": "7.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."}, {"lang": "es", "value": "HCL Launch almacena informaci\u00f3n potencialmente confidencial en archivos de registro que podr\u00edan ser le\u00eddos por un usuario local con acceso a los registros de solicitudes HTTP."}], "id": "CVE-2024-42196", "lastModified": "2025-04-14T17:16:43.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-06T15:15:08.550", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117910"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@hcl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}