CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie

CVSS 3.8 LOWEPSS 0.1%CWE-614

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.8EPSS 0.1%KEV nãoPoC —Patch —

Lifecycle

Nov 07, 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected products

HCL Software · BigFix Compliance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117197