CVE-2022-27549 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
HCL	CNA	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Vendor	Product	Version
hcltechsw	hcl_launch	7.0.5.10
hcltechsw	hcl_launch	7.1.2.6
hcltechsw	hcl_launch	7.2.2.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254