CVE-2024-30128

Sept. 25, 2024, 4:35 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

HCL Nomad server on Domino

Source

psirt@hcl.com

CVE-2024-30128 details

Published : Sept. 25, 2024, 3:15 p.m.
Last Modified : Sept. 25, 2024, 4:35 p.m.

Description

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.

CVSS Score

8.6 out of 10

Weakness

Weakness: CWE-441
Name: Unintended Proxy or Intermediary ('Confused Deputy')
Description: The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

8.6

Exploitability Score

3.9

Impact Score

4.0

Base Severity

HIGH
