CNNVD-202512-2892 Information

Dec 16, 2025 cve

CNNVD ID

CNNVD-202512-2892

CVE-2025-62329

CNNVD Published: 2025-12-16

Description (Chinese)

HCL Launch和HCL DevOps Deploy都是印度HCL公司的产品。HCL Launch是一款多功能的企业级持续交付自动化软件。用于处理 DevOps 中最复杂的部署流程。HCL DevOps Deploy是一款应用程序。可以使用灵活的基于团队和基于角色的安全模型，映射到您的组织结构。 HCL Launch和HCL DevOps Deploy存在安全漏洞，该漏洞源于HTTP会话客户端IP绑定执行中存在竞争条件，可能导致未经授权访问。

Description (English)

HCL Launch and HCL DevOps Deploy are products of HCL India. HCL Launch is a multifunctional enterprise-level, continuous delivery automation software. For the most complex deployment process in DevOps. HCL DevOps Deploy is an application. A flexible team- and role-based security model can be used to map your organizational structure. There is a security loophole between HCL Launch and HCL DevOps Deploy, which stems from the competitive conditions in the IP binding of the HTTP session client, which may lead to unauthorized access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HCL

Published

2025-12-16

Last Modified

2026-02-24

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Patch

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Share on: