CVE-2024-30109
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCL Software | DRYiCE AEX | 10 | affected |
Weaknesses
- CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.