Description
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.
Published: 2026-07-09
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in HCL DevOps Deploy / HCL Launch allows application log files to contain potentially sensitive information that can be read by a local user. This flaw permits disclosure of confidential data that should not be exposed, directly compromising privacy and potentially exposing other system secrets. The flaw is a classic example of CWE‑532, where application logs unintentionally reveal critical information.

Affected Systems

The affected vendor is HCLSoftware and the product is HCL DevOps Deploy / HCL Launch. Specific affected versions are not listed in the information provided, so all currently deployed instances may be susceptible until a fix is applied.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity, and the EPSS score of less than 1% shows a very low probability of exploitation under current conditions. The flaw is not listed in CISA KEV, meaning no known public exploits have been officially reported. The likely attack vector is local; an attacker who already has local user access could read the log files and obtain sensitive information. While the risk is moderate, the low exploitation likelihood reduces urgency, however patching remains the advised course of action.

Generated by OpenCVE AI on July 9, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official HCL patch or update to the latest version from the vendor’s support site
  • Configure the application to avoid logging sensitive data such as passwords or keys
  • Restrict file permissions on log directories so that only privileged accounts can read them

Generated by OpenCVE AI on July 9, 2026 at 22:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 09:30:00 +0000

Type Values Removed Values Added
Description HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.
Title HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-07-09T12:37:09.372Z

Reserved: 2026-06-22T13:38:32.650Z

Link: CVE-2026-56459

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T23:00:05Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File