Lucy Mobile App Vulnerable to CORS Misconfiguration
CVE-2023-37526

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 14 May 2024

Summary

A significant security concern has been identified in the HCL DRYiCE Lucy mobile application due to a misconfiguration of Cross Origin Resource Sharing (CORS). This vulnerability permits unauthorized access to application resources from untrusted web domains. As a result, attackers could exploit this flaw to perform cache poisoning attacks, potentially compromising the integrity and confidentiality of user data. Proper configuration and validation of CORS policies are essential to mitigate this risk and ensure secure application functionality.
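A CORS policy check in line with the mitigation described above, as an added example that is not HCL's code or part of the original advisory. The advisory does not describe the faulty policy, so the origin-reflecting handler below is an assumed, common form of CORS misconfiguration; all origins and function names are hypothetical.

```javascript
// Added example; not vendor code. Origins and function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",   // constructed sample origin
  "https://admin.example.com", // constructed sample origin
]);

// Assumed weak pattern: echoes any Origin and omits Vary, so a shared cache
// can store a response tagged for one origin and replay it to others.
function reflectingCorsHeaders(requestOrigin) {
  const headers = {};
  if (requestOrigin) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Accept only a bare https origin in canonical form (no path, userinfo, "null").
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== "https:") return null;
  return url.origin === value ? url.origin : null;
}

// Hardened pattern: exact-match allow-list; Vary: Origin on every response.
function strictCorsHeaders(requestOrigin) {
  const headers = { "Vary": "Origin" };
  const origin = normalizeOrigin(requestOrigin);
  if (origin !== null && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Audit a response's CORS headers; returns a list of finding identifiers.
function auditCors(headers) {
  const findings = [];
  const acao = headers["Access-Control-Allow-Origin"];
  const vary = (headers["Vary"] || "").toLowerCase().split(",").map((s) => s.trim());
  if (acao === "*" && headers["Access-Control-Allow-Credentials"] === "true")
    findings.push("wildcard-with-credentials");
  if (acao && acao !== "*" && !ALLOWED_ORIGINS.has(acao))
    findings.push("untrusted-origin-allowed");
  if (acao !== "*" && !vary.includes("origin"))
    findings.push("missing-vary-origin");
  return findings;
}
```

Running auditCors over responses captured from staging, with ALLOWED_ORIGINS set to the deployment's real origins, flags both the trust problem and the caching problem in one pass.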

Affected Version(s)

DRYiCE Lucy v9

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
