Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-30128

Sept. 26, 2024, 1:32 p.m.

CVSS Score

8.6 / 10

Product(s) Impacted

HCL Nomad server on Domino

Description

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.

Weaknesses

CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CWE ID: 441

Date

Published: Sept. 25, 2024, 3:15 p.m.

Last Modified: Sept. 26, 2024, 1:32 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@hcl.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
8.6
Exploitability Score
3.9
Impact Score
4.0
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

References