HCL BigFix Compliance Vulnerable to X-Frame-Options Header Attack
CVE-2024-30126

4.7MEDIUM

Key Information:

Vendor: Hcl Software
Status: Bigfix Compliance
Vendor: CVE Published:; 18 July 2024

Summary

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.

Affected Version(s)

BigFix Compliance 2.0.x

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2024