Description
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:hcltech:hcl_sx:21:*:*:*:*:*:*:*
EPSS
Percentile: 16%
0.00051
Low
CVSS3: 5.5 Medium
CVSS3: 4.3 Medium
Weaknesses
CWE-1275
Related vulnerabilities
CVSS3: 5.5
github
11 months ago
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).