| ID |
CVE-2024-30142
|
| Sažetak |
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel. |
| Reference |
|
| CVSS |
| Base: | 3.8 |
| Impact: | 1.4 |
| Exploitability: | 2.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
NONE |
LOW |
|
| CVSS vektor |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
| Zadnje važnije ažuriranje |
08-11-2024 - 19:01 |
| Objavljeno |
07-11-2024 - 09:15 |
