Описание
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.1.0 (включая) до 8.1.2.4 (исключая)
cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00017
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 5.9
github
около 2 месяцев назад
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks.
EPSS
Процентиль: 3%
0.00017
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319