CVE-2024-30142
HCL BigFix Compliance is affected by a missing secure flag on a cookie
Severity Score
3.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.
HCL BigFix Compliance se ve afectado por la falta de una bandera de seguridad en una cookie. Si no se establece una bandera de seguridad, un atacante puede robar las cookies mediante XSS, lo que da como resultado un acceso no autorizado o las cookies de sesión podrían transferirse a través de un canal no cifrado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-22 CVE Reserved
- 2024-11-07 CVE Published
- 2024-11-07 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| HCL Software Search vendor "HCL Software" | BigFix Compliance Search vendor "HCL Software" for product "BigFix Compliance" | 2.0.11 Search vendor "HCL Software" for product "BigFix Compliance" and version "2.0.11" | en |
Affected
| ||||||