exploitDog

CVE-2024-30109

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 3.7

CVSS3: 6.1

EPSS Низкий

Описание

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:dryice_aex:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00353

Низкий

3.7 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-1021

Связанные уязвимости

GHSA-82vg-m48p-wwpp

CVSS3: 6.1

github

3 месяца назад

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

EPSS

Процентиль: 57%

0.00353

Низкий

3.7 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-1021