CVE-2024-30128

EPSS 0.42%
Published 25.09.2024 15:15:13
Last modified 26.09.2024 13:32:02
Source psirt@hcl.com
Teams watchlist Login
Open Login

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorhcltech

≫

Product nomad_server_on_domino

Default Statusunknown

Version < 1.0.13

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.613

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@hcl.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504

https://nvd.nist.gov/vuln/detail/CVE-2024-30128

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30128

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30128

EUVD