exploitDog

CVE-2024-30142

Опубликовано: 07 нояб. 2024

Источник: nvd

CVSS3: 3.8

EPSS Низкий

Описание

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

Ссылки

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_compliance:2.0.11:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

3.8 Low

CVSS3

Дефекты

CWE-614

Связанные уязвимости

GHSA-8m29-g8hw-c32w

CVSS3: 3.8

github

больше 1 года назад

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

EPSS

Процентиль: 9%

0.00032

Низкий

3.8 Low

CVSS3

Дефекты

CWE-614