Insecure Cookie Flag Leaves BigFix Compliance Vulnerable to XSS Attacks
CVE-2024-30142

3.8LOW

Key Information:

Vendor: Hcl Software
Status: Bigfix Compliance
Vendor: CVE Published:; 7 November 2024

Summary

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

Affected Version(s)

BigFix Compliance 2.0.11

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Mar 22, 2024