HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HHcltech Hcl Sx
APPHcltech21
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-30152MEDIUM6.5ten sam produkt
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to...
CVE-2024-30154MEDIUM5.3ten sam produkt
HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute mali...
CVE-2025-62319CRITICAL9.8PL ✓ten sam vendor
Boolean-Based SQL Injection umożliwiający wstrzyknięcie dowolnego SQL
CVE-2023-37502CRITICAL9.0ten sam vendor
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active c...
CVE-2023-37538CRITICAL9.3ten sam vendor
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...