MEDIUM🇬🇧 English

CVE-2024-30155

CVSS 5.5v3.1pub. 2025-03-26upd. 2025-10-30

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Hcltech Hcl Sx

    APP
    Hcltech
    21
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-30152MEDIUM6.5ten sam produkt

HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to...

CVE-2024-30154MEDIUM5.3ten sam produkt

HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute mali...

CVE-2025-62319CRITICAL9.8PL ✓ten sam vendor

Boolean-Based SQL Injection umożliwiający wstrzyknięcie dowolnego SQL

CVE-2023-37502CRITICAL9.0ten sam vendor

HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active c...

CVE-2023-37538CRITICAL9.3ten sam vendor

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...

CVE-2024-30155 — MEDIUM 5.5 | CVEbaza.pl