Sensitive Data Exposure in HCL Leap Due to Missing Cache Controls
CVE-2024-30127

3.2LOW

Key Information:

Vendor: HCL Software Software
Status: HCL Software Leap
Vendor: CVE Published:; 24 April 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2024-30127?

HCL Leap is vulnerable due to the absence of 'no cache' headers, which allows sensitive information to be cached. This oversight can lead to unauthorized access to confidential data, posing significant security risks. Organizations using HCL Leap must take immediate action to mitigate these risks and ensure that sensitive data is not cached inadvertently.

Affected Version(s)

HCL Leap < 9.3.9

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Mar 22, 2024