CVE-2024-30155

EPSS 0.14%
Veröffentlicht 26.03.2025 07:59:52
Zuletzt bearbeitet 30.10.2025 15:03:17
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Hcl Sx Version21

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.332

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
psirt@hcl.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-1275 Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120110

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-30155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30155

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-30155