PT-2024-23210 · Hcl · Hcl Bigfix Compliance

Published

2024-11-07

Updated

2024-11-08

CVE-2024-30140

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions HCL BigFix Compliance versions prior to 2.0.11

Description The issue affects HCL BigFix Compliance due to unvalidated redirects and forwards. An attacker can manipulate the HOST header, resulting in web cache poisoning, which can serve malicious content to users. This can lead to unauthorized access and exposure of sensitive data.

Recommendations For versions prior to 2.0.11, patch immediately to prevent unauthorized access and protect sensitive data. As a temporary workaround, consider restricting access to the web cache to minimize the risk of exploitation.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2024-30140

Affected Products

Hcl Bigfix Compliance

PT-2024-23210 · Hcl · Hcl Bigfix Compliance

CVE-2024-30140

Weakness Enumeration

Related Identifiers

Affected Products

References · 7