MEDIUM🇬🇧 English

CVE-2024-42212

CVSS 5.4v3.1pub. 2025-05-05upd. 2025-06-17

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Hcltech Bigfix Compliance

    APP
    Hcltech
    2.0.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-27756HIGH7.5ten sam produkt

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are n...

CVE-2023-37525MEDIUM5.3ten sam produkt

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the...

CVE-2024-42213MEDIUM5.3ten sam produkt

HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An atta...

CVE-2024-30140MEDIUM5.4ten sam produkt

HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated b...

CVE-2024-30141MEDIUM4.7ten sam produkt

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Det...