CVE-2024-30155

Summary

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL SX21affected

Weaknesses

  • CWE-1275: CWE-1275 Sensitive Cookie with Improper SameSite Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References