CVE-2024-30140

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 7, 2024
Updated: Nov 8, 2024
CWE ID 601

Summary

CVE-2024-30140 is a vulnerability affecting HCL BigFix Compliance. Maliciously manipulated HOST headers can trigger unvalidated redirects or forwards, enabling attackers to poison the web cache. This issue poses a significant risk, as affected users may be served compromised pages without their knowledge. Attackers can exploit this vulnerability to gain unauthorized access or distribute malware. Organizations using HCL BigFix Compliance are urged to apply patches or workarounds promptly to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • IBM BigFix Compliance

Affected Vendors

  • IBM Corporation