Description
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in the enforcement of HTTP session client-IP binding, which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low
Affected products
- HCL Software / DevOps Deploy / Launch: 7.3 - 7.3.2.15; 8.0 - 8.0.1.10; 8.1 - 8.1.2.3
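To check whether the race described under Description has occurred, a defender can look for requests that succeeded from an IP address other than the one a session was first seen on. The following is an added example, not code or a log format from HCL: the record layout (timestamp, session identifier, client IP, HTTP status), the sample lines and the function names are all assumptions.

```python
from datetime import datetime

# Constructed sample records, NOT real product logs.
# Assumed layout: ISO timestamp, session identifier (ideally a hash of the
# session token, never the token itself), client IP, HTTP status.
SAMPLE_LOG = """\
2025-01-10T09:00:00Z sessA 198.51.100.7 200
2025-01-10T09:00:05Z sessA 198.51.100.7 200
2025-01-10T09:00:06Z sessA 203.0.113.9 200
2025-01-10T09:00:06Z sessA 203.0.113.9 401
2025-01-10T09:01:00Z sessB 192.0.2.4 200
2025-01-10T09:01:30Z sessB 192.0.2.4 200
2025-01-10T09:02:00Z sessC 192.0.2.50 200
2025-01-10T09:02:01Z sessC 198.51.100.99 401
"""


def parse(line):
    """Split one record into (timestamp, session, ip, status)."""
    ts, sid, ip, status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), sid, ip, int(status)


def find_rebound_sessions(log_text):
    """Return (session, bound_ip, new_ip, timestamp) for every request that
    was served successfully from an IP other than the session's first IP.
    With client-IP binding enforced, such a request should never succeed."""
    bound = {}      # session -> first client IP observed
    findings = []
    records = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, sid, ip, status in records:
        first_ip = bound.setdefault(sid, ip)
        if ip != first_ip and 200 <= status < 400:
            findings.append((sid, first_ip, ip, ts.isoformat()))
    return findings


if __name__ == "__main__":
    for finding in find_rebound_sessions(SAMPLE_LOG):
        print("session served from unbound IP:", finding)
```

In the sample, `sessC` is not reported because its request from a new address was rejected, which is the behaviour IP binding is meant to produce.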