CVE-2024-30140
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 7, 2024
Updated: Nov 8, 2024
CWE ID 601
Summary
CVE-2024-30140 is a vulnerability affecting HCL BigFix Compliance. Maliciously manipulated HOST headers can trigger unvalidated redirects or forwards, enabling attackers to poison the web cache. This issue poses a significant risk, as affected users may be served compromised pages without their knowledge. Attackers can exploit this vulnerability to gain unauthorized access or distribute malware. Organizations using HCL BigFix Compliance are urged to apply patches or workarounds promptly to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- IBM BigFix Compliance
Affected Vendors
- IBM Corporation