CVE-2024-30155 MEDIUM

CVE-2024-30155: HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability

Vendor HCL Software
Product HCL SX
Weakness CWE-1275
Published March 26, 2025
Last update March 26, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

HCL SX does not set the Secure attribute on authorization tokens or session cookies. Attackers may be able to obtain access to the cookie values via Cross-Site Request Forgery (CSRF).

Key dates

02 Disclosure timeline

March 26, 2025 CVE published
March 26, 2025 Record updated