AEX Vulnerable to Lack of Input Validation
CVE-2024-30110

3.7LOW

Key Information:

Vendor: Hcl Software
Status: Dryice Aex
Vendor: CVE Published:; 28 June 2024

Summary

The input validation vulnerability in HCL DRYiCE AEX compromises the security of the web application, enabling attackers to inject malicious scripts. This flaw may lead to unexpected system behavior, potentially allowing unauthorized access or manipulation of data. Safeguarding the application against such vulnerabilities is essential for maintaining system integrity and protecting sensitive information. Organizations utilizing HCL DRYiCE AEX should prioritize immediate remediation measures.

Affected Version(s)

DRYiCE AEX 10

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Mar 22, 2024