CVE-2024-30142 Vulnerability Details

  /     /     /  

CVE-2024-30142 Metadata Quick Info

CVE Published: 07/11/2024 | CVE Updated: 07/11/2024 | CVE Year: 2024
Source: HCL | Vendor: HCL Software | Product: BigFix Compliance
Status : PUBLISHED

CVE-2024-30142 Description

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

Metrics

CVSS Version: 3.1 | Base Score: 3.8 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-614
CWE Name: CWE-614 Sensitive Cookie in HTTPS Session Without Secure Attribute
Source: HCL Software

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: