Cross-Site Request Forgery Vulnerability in HCL BigFix Compliance
CVE-2024-42212

5.4MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Bigfix Compliance
Vendor: CVE Published:; 5 May 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2024-42212?

HCL BigFix Compliance is vulnerable due to an improper handling of the SameSite attribute, making it susceptible to Cross-Site Request Forgery (CSRF) attacks. This flaw could allow an attacker to manipulate a user's authenticated session by tricking their browser into executing unintended actions on their behalf. This could lead to unauthorized access and potential exploitation of user data.

Affected Version(s)

HCL BigFix Compliance 2.0.12

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Jul 29, 2024