5.4
CVE-2024-42212
- EPSS 0.17%
- Veröffentlicht 05.05.2025 18:40:57
- Zuletzt bearbeitet 17.06.2025 21:04:05
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Bigfix Compliance Version2.0.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.387 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@hcl.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-1275 Sensitive Cookie with Improper SameSite Attribute
The SameSite attribute for sensitive cookies is not set, or an insecure value is used.