MEDIUM🇬🇧 English

CVE-2024-30140

CVSS 5.4v3.1pub. 2024-11-07upd. 2025-06-17

HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
  • Hcltech Bigfix Compliance

    APP
    Hcltech
    2.0.11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-27756HIGH7.5ten sam produkt

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are n...

CVE-2023-37525MEDIUM5.3ten sam produkt

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the...

CVE-2024-42213MEDIUM5.3ten sam produkt

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An atta...

CVE-2024-42212MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site R...

CVE-2024-30141MEDIUM4.7ten sam produkt

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Det...