Primary

Context

HCL DevOps Velocity Brute-Force Vulnerability Due to Inadequate Rate Limiting

Vulnerability

A vulnerability exists in HCL DevOps Velocity versions prior to 5.1.7, where rate limiting for user login attempts is not properly enforced. This flaw allows brute-force attacks to bypass the established limit on unsuccessful login attempts.

Impact

Exploitation of this vulnerability could lead to successful unauthorized access through brute-force login attempts.

Remediation

Users are advised to upgrade to HCL DevOps Velocity version 5.1.7 or later. The update can be obtained from the My HCLSoftware Portal.

Added: Apr 13, 2026, 6:21 PM

Updated: Apr 13, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL DevOps Velocity Brute-Force Vulnerability Due to Inadequate Rate Limiting

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating