HCL DevOps Deploy and HCL Launch Insufficient Session Expiration Vulnerability Allowing Unauthorized Access

Vulnerability

A race condition has been identified in the HTTP session client-IP binding enforcement of HCL DevOps Deploy versions 8.0 prior to 8.0.1.10 and 8.1 prior to 8.1.2.3, as well as HCL Launch versions 7.3 through 7.3.2.15. The race causes insufficient session expiration: a session can be temporarily reused from a different IP address before it is properly invalidated. Under certain network conditions, this could result in unauthorized access.

Impact

Exploitation of this vulnerability could lead to unauthorized access by allowing sessions to be reused from different IP addresses.

Remediation

Users are advised to upgrade to HCL Launch versions 7.3.2.16 or later, or HCL DevOps Deploy versions 8.0.1.11, 8.1.2.4, 8.2.0.0 or later.
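
Until the upgrade is applied, access logs can be reviewed for the symptom described above: a request accepted for a session from an IP other than the one the session was first used from. The following detection sketch is an added example, not code from HCL or from this advisory; the log line format, the function name find_cross_ip_reuse and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in an assumed "timestamp client_ip session_id status path"
# layout. This is NOT the product's real log format; adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
2025-12-16T10:00:00 10.0.0.5 sessA 200 /dashboard
2025-12-16T10:00:03 10.0.0.5 sessA 200 /api/apps
2025-12-16T10:00:04 203.0.113.9 sessA 200 /api/apps
2025-12-16T10:00:05 203.0.113.9 sessA 401 /api/apps
2025-12-16T10:01:00 10.0.0.7 sessB 200 /dashboard
2025-12-16T10:02:00 10.0.0.7 sessB 200 /api/apps
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (\S+) (\S+) (\d{3}) (\S+)$"
)

def find_cross_ip_reuse(log_text):
    """Return accepted requests made from an IP other than the session's first IP."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not match the assumed layout
        ts, ip, sid, status, path = m.groups()
        events.append((datetime.fromisoformat(ts), ip, sid, int(status), path))
    events.sort(key=lambda e: e[0])  # do not rely on the file being in time order

    bound_ip = {}   # session id -> IP of the first accepted request
    findings = []
    for ts, ip, sid, status, path in events:
        if status >= 400:
            continue  # rejected request: the IP binding was enforced
        owner = bound_ip.setdefault(sid, ip)
        if ip != owner:
            # Accepted from a second IP: the reuse window the advisory describes.
            findings.append({"session": sid, "bound_ip": owner,
                             "other_ip": ip, "time": ts.isoformat(), "path": path})
    return findings

if __name__ == "__main__":
    for f in find_cross_ip_reuse(SAMPLE_LOG):
        print(f)
```

Behind a reverse proxy, run it on the client address the server binds sessions to rather than the proxy's own address.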

Added: Dec 16, 2025, 6:58 PM
Updated: Dec 16, 2025, 6:58 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.5
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.