Products
HCL BigFix Compliance
Source
psirt@hcl.com
Tags
CVE-2024-30126 details
Published : July 18, 2024, 8:15 p.m.
Last Modified : July 18, 2024, 8:15 p.m.
Last Modified : July 18, 2024, 8:15 p.m.
Description
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
CVSS Score
1 | 2 | 3 | 4.7 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.7
Exploitability Score
1.6
Impact Score
2.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
References
URL | Source |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113886 | psirt@hcl.com |
This website uses the NVD API, but is not approved or certified by it.