What is CVE-2022-42445?

CVE-2022-42445 is a vulnerability in HCL Launch that could allow a user with administrative privileges to recover a previously saved credential for performing authenticated LDAP searches.

How severe is CVE-2022-42445?

CVE-2022-42445 has a severity rating of 4.9, which is considered medium.

Which versions of HCL Launch are affected by CVE-2022-42445?

HCL Launch versions 6.2.7.0 to 6.2.7.17, 7.0.0.0 to 7.0.5.12, 7.1.0.0 to 7.1.2.8, and 7.2.0.0 to 7.2.3.1 are affected by CVE-2022-42445.

How can I fix CVE-2022-42445 in HCL Launch?

To fix CVE-2022-42445 in HCL Launch, it is recommended to apply the necessary patches or updates provided by HCL Technologies.

Vulnerability/
CVE-2022-42445

medium

4.9

28/11/2022

3/8/2024

CVE-2022-42445: HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)

Q: Can a user with administrative privileges exploit CVE-2022-42445?

Yes, a user with administrative privileges, including 'Manage Security' permissions, can exploit CVE-2022-42445.

First published: Mon Nov 28 2022(Updated: )

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

Credit: psirt@hcl.com

Affected Software	Affected Version	How to fix
Hcltechsw Hcl Launch	>=6.2.7.0<=6.2.7.17
Hcltechsw Hcl Launch	>=7.0.0.0<=7.0.5.12
Hcltechsw Hcl Launch	>=7.1.0.0<=7.1.2.8
Hcltechsw Hcl Launch	>=7.2.0.0<=7.2.3.1

Never miss a vulnerability like this again

Reference Links

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101208

Frequently Asked Questions

What is CVE-2022-42445?
CVE-2022-42445 is a vulnerability in HCL Launch that could allow a user with administrative privileges to recover a previously saved credential for performing authenticated LDAP searches.
How severe is CVE-2022-42445?
CVE-2022-42445 has a severity rating of 4.9, which is considered medium.
Which versions of HCL Launch are affected by CVE-2022-42445?
HCL Launch versions 6.2.7.0 to 6.2.7.17, 7.0.0.0 to 7.0.5.12, 7.1.0.0 to 7.1.2.8, and 7.2.0.0 to 7.2.3.1 are affected by CVE-2022-42445.
Can a user with administrative privileges exploit CVE-2022-42445?
Yes, a user with administrative privileges, including 'Manage Security' permissions, can exploit CVE-2022-42445.
How can I fix CVE-2022-42445 in HCL Launch?
To fix CVE-2022-42445 in HCL Launch, it is recommended to apply the necessary patches or updates provided by HCL Technologies.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/author
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/hcltechsw
canonical/hcltechsw hcl launch
version/hcltechsw hcl launch/6.2.7.0
version/hcltechsw hcl launch/6.2.7.17
version/hcltechsw hcl launch/7.0.0.0
version/hcltechsw hcl launch/7.0.5.12
version/hcltechsw hcl launch/7.1.0.0
version/hcltechsw hcl launch/7.1.2.8
version/hcltechsw hcl launch/7.2.0.0
version/hcltechsw hcl launch/7.2.3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.