Impact
The vulnerability in HCL DevOps Deploy / HCL Launch allows application log files to contain potentially sensitive information that can be read by a local user. This flaw permits disclosure of confidential data that should not be exposed, directly compromising privacy and potentially exposing other system secrets. The flaw is a classic example of CWE‑532, where application logs unintentionally reveal critical information.
Affected Systems
The affected vendor is HCLSoftware and the product is HCL DevOps Deploy / HCL Launch. Specific affected versions are not listed in the information provided, so all currently deployed instances may be susceptible until a fix is applied.
Risk and Exploitability
The CVSS score of 6.2 indicates moderate severity, and the EPSS score of less than 1% shows a very low probability of exploitation under current conditions. The flaw is not listed in CISA KEV, meaning no known public exploits have been officially reported. The likely attack vector is local; an attacker who already has local user access could read the log files and obtain sensitive information. While the risk is moderate, the low exploitation likelihood reduces urgency, however patching remains the advised course of action.
OpenCVE Enrichment