HCL DevOps Deploy Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

A vulnerability exists in HCL DevOps Deploy versions 8.1 prior to 8.1.2.3, allowing for cleartext transmission of sensitive information. The HTTP port remains accessible without proper redirection to HTTPS, enabling attackers with network access to intercept or modify user credentials and session data. This vulnerability could be exploited through passive monitoring or man-in-the-middle attacks.

Impact

Exploitation of this vulnerability could lead to interception or modification of user credentials and session-related data.

Remediation

Users are advised to upgrade to version 8.1.2.4, 8.2.0.0 or later. These versions are available through the My HCLSoftware Portal.
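
To confirm the behaviour after upgrading, the check below sends one request to the plain-HTTP listener and classifies the answer. It is an added example, not HCL's code. The host name, the port and the verdict labels are assumptions for illustration, and the sample responses are constructed.

```python
import http.client
import sys
from urllib.parse import urlsplit

# Constructed sample responses (status, lower-cased headers), not captured traffic.
SAMPLES = {
    "unpatched-style": (200, {"set-cookie": "JSESSIONID=constructed; Path=/"}),
    "redirecting": (302, {"location": "https://deploy.example.test:8443/"}),
    "relative-redirect": (302, {"location": "/login"}),
}

def classify(status, headers):
    """Classify one response received over plain HTTP (header keys lower-case)."""
    if status in (301, 302, 303, 307, 308):
        # A relative or http:// target keeps the next request in cleartext.
        scheme = urlsplit(headers.get("location", "")).scheme.lower()
        verdict = "redirects-to-https" if scheme == "https" else "redirects-without-https"
    elif 200 <= status < 300:
        verdict = "serves-content-over-http"
    else:
        verdict = "no-content-no-redirect"  # port answers but serves nothing
    findings = [verdict]
    if "set-cookie" in headers:
        findings.append("cookie-set-over-http")  # session data sent in cleartext
    return findings

def probe(host, port, path="/", timeout=5):
    """Send one GET over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, {k.lower(): v for k, v in resp.getheaders()})
    except (OSError, http.client.HTTPException):
        return ["http-port-unreachable"]
    finally:
        conn.close()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check.py <host> <http-port>
        print(sys.argv[1], sys.argv[2], probe(sys.argv[1], int(sys.argv[2])))
    else:
        for name, (status, headers) in SAMPLES.items():
            print(name, classify(status, headers))
```

Any result other than `redirects-to-https` or `http-port-unreachable` means the HTTP port still answers in cleartext and the server should be rechecked against the fixed versions.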

Added: Dec 16, 2025, 7:19 AM
Updated: Dec 16, 2025, 3:13 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.1
exploitability: 5.6
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.