cvelistv5 - cve-2024-30125

cve-2024-30125

Vulnerability from cvelistv5

Published

2024-07-18 17:59

Modified

2024-11-12 20:40

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Summary

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.

References

▼	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113886
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113886

Impacted products

	Vendor	Product	Version
	HCL Software	BigFix Compliance	Version: 2.0.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T17:22:43.393215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:40:57.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:02.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Compliance",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.x"
            }
          ]
        }
      ],
      "datePublic": "2024-07-18T17:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T19:21:24.064Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Compliance is affected by an internal server error",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2024-30125",
    "datePublished": "2024-07-18T17:59:48.338Z",
    "dateReserved": "2024-03-22T23:57:22.507Z",
    "dateUpdated": "2024-11-12T20:40:57.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-30125\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2024-07-18T18:15:05.460\",\"lastModified\":\"2024-11-21T09:11:18.223\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.\"},{\"lang\":\"es\",\"value\":\"El servidor HCL BigFix Compliance puede responder con un estado HTTP de 500, lo que indica un error del lado del servidor que puede provocar la interrupci\u00f3n del proceso del servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886\",\"source\":\"psirt@hcl.com\"},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"BigFix Compliance\", \"vendor\": \"HCL Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.x\"}]}], \"datePublic\": \"2024-07-18T17:40:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eHCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"LOW\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2024-07-18T19:21:24.064Z\"}, \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"HCL BigFix Compliance is affected by an internal server error\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:25:02.997Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30125\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T17:22:43.393215Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T17:22:55.637Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-30125\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"HCL\", \"dateReserved\": \"2024-03-22T23:57:22.507Z\", \"datePublished\": \"2024-07-18T17:59:48.338Z\", \"dateUpdated\": \"2024-11-12T20:40:57.871Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2024-30125

Vulnerability from fkie_nvd

Published

2024-07-18 18:15

Modified

2024-11-21 09:11

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Summary

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.

References

▼	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113886
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113886

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die."
    },
    {
      "lang": "es",
      "value": "El servidor HCL BigFix Compliance puede responder con un estado HTTP de 500, lo que indica un error del lado del servidor que puede provocar la interrupci\u00f3n del proceso del servidor."
    }
  ],
  "id": "CVE-2024-30125",
  "lastModified": "2024-11-21T09:11:18.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 4.7,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-18T18:15:05.460",
  "references": [
    {
      "source": "psirt@hcl.com",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-1679

Vulnerability from csaf_certbund

Published

2024-07-18 22:00

Modified

2024-07-18 22:00

Summary

HCL BigFix: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.

Angriff

Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen Clickjacking-Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen Clickjacking-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1679 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1679.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1679 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1679"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2024-07-18",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL BigFix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:11:37.264+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1679",
      "initial_release_date": "2024-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Compliance \u003c2.0.11",
                "product": {
                  "name": "HCL BigFix Compliance \u003c2.0.11",
                  "product_id": "T036365"
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-30125",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im Compliance-Server in HCL BigFix aufgrund einer unsachgem\u00e4\u00dfen Behandlung des HTTP 500-Statuscodes. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "release_date": "2024-07-18T22:00:00.000+00:00",
      "title": "CVE-2024-30125"
    },
    {
      "cve": "CVE-2024-30126",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in der Compliance-Komponente in HCL BigFix aufgrund eines fehlenden X-Frame-Options HTTP-Headers, die es erm\u00f6glicht, eine b\u00f6sartige Website zu erstellen, die die Ziel-Website einbettet. Indem der Benutzer dazu gebracht wird, Aktionen auf der Ziel-Website auszuf\u00fchren, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und somit einen Clickjacking-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-07-18T22:00:00.000+00:00",
      "title": "CVE-2024-30126"
    }
  ]
}

wid-sec-w-2024-1679

Vulnerability from csaf_certbund

Published

2024-07-18 22:00

Modified

2024-07-18 22:00

Summary

HCL BigFix: Mehrere Schwachstellen

Notes

Produktbeschreibung

BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.

Angriff

Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen Clickjacking-Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen Clickjacking-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1679 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1679.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1679 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1679"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2024-07-18",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL BigFix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:11:37.264+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1679",
      "initial_release_date": "2024-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Compliance \u003c2.0.11",
                "product": {
                  "name": "HCL BigFix Compliance \u003c2.0.11",
                  "product_id": "T036365"
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-30125",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im Compliance-Server in HCL BigFix aufgrund einer unsachgem\u00e4\u00dfen Behandlung des HTTP 500-Statuscodes. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "release_date": "2024-07-18T22:00:00.000+00:00",
      "title": "CVE-2024-30125"
    },
    {
      "cve": "CVE-2024-30126",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in der Compliance-Komponente in HCL BigFix aufgrund eines fehlenden X-Frame-Options HTTP-Headers, die es erm\u00f6glicht, eine b\u00f6sartige Website zu erstellen, die die Ziel-Website einbettet. Indem der Benutzer dazu gebracht wird, Aktionen auf der Ziel-Website auszuf\u00fchren, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und somit einen Clickjacking-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-07-18T22:00:00.000+00:00",
      "title": "CVE-2024-30126"
    }
  ]
}

ghsa-7p6r-chvr-633v

Vulnerability from github

Published

2024-07-18 18:31

Modified

2024-07-18 18:31

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Details

The server responded with an HTTP status of 500, indicating a server-side error that may cause the server process to die.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-30125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-18T18:15:05Z",
    "severity": "MODERATE"
  },
  "details": "The server responded with an HTTP status of 500, indicating a server-side error that may cause the server process to die.",
  "id": "GHSA-7p6r-chvr-633v",
  "modified": "2024-07-18T18:31:42Z",
  "published": "2024-07-18T18:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30125"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2024-30125

Vulnerability from gsd

Modified

2024-04-03 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-30125

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-30125"
      ],
      "id": "GSD-2024-30125",
      "modified": "2024-04-03T05:02:29.070013Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-30125",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-30125

Vulnerability from cvelistv5

fkie_cve-2024-30125

Vulnerability from fkie_nvd

WID-SEC-W-2024-1679

Vulnerability from csaf_certbund

wid-sec-w-2024-1679

Vulnerability from csaf_certbund

ghsa-7p6r-chvr-633v

Vulnerability from github

gsd-2024-30125

Vulnerability from gsd

Tags

Sightings

Nomenclature