HCL Optibot Reset Station Vulnerable to Data Interception Due to Missing Strict Transport Security Header
CVE-2024-30119

3.7LOW

Key Information:

Vendor: Hcl Software
Status: Dryice Optibot Reset Station
Vendor: CVE Published:; 14 June 2024

Summary

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection.

Affected Version(s)

DRYiCE Optibot Reset Station 1.0, 2.0

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Mar 22, 2024