HCL DevOps Deploy Insufficiently Protected Credentials Vulnerability

Vulnerability

A vulnerability exists in HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3, where a user with LLM configuration privileges may recover credentials saved for authenticated LLM queries. This issue arises from inadequate protection of these credentials, allowing for potential unauthorized access or misuse.

Impact

Exploitation of this vulnerability could lead to the unauthorized recovery of sensitive credentials, which could then be used to perform authenticated LLM queries, potentially compromising the integrity of the application's data handling or decision-making processes.

Remediation

Users are advised to upgrade to version 8.1.2.4, 8.2.0.0, or later. These versions are available through the My HCLSoftware Portal.

Added: Jan 7, 2026, 5:42 PM
Updated: Jan 7, 2026, 5:42 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.