CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute
In short
HCL BigFix Compliance does not protect its cookies with the SameSite attribute, so an attacker-controlled website can trick your browser into performing unwanted actions in BigFix Compliance while you are logged in.
Technical detail
The application fails to set or properly configure the SameSite attribute on cookies, enabling Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious site that, when visited by an authenticated user, triggers unintended requests to BigFix Compliance using the victim's session cookies.
Summary generated and translated by AI from the official description.
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
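As an added example (not HCL's code and not part of the advisory), the following Python audit classifies Set-Cookie headers by their SameSite posture, so a defender can check whether a patched deployment now sets the attribute; the header values are constructed for illustration, not captured from BigFix Compliance.

```python
"""Audit Set-Cookie headers for the SameSite weakness behind CVE-2024-42212 (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class CookieAudit:
    name: str
    samesite: Optional[str]  # normalised value, or None when the attribute is absent
    secure: bool
    verdict: str             # "ok" or "weak"
    reason: str


def parse_set_cookie(header: str) -> tuple[str, dict[str, Optional[str]]]:
    """Split one Set-Cookie header value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: dict[str, Optional[str]] = {}
    for attr in parts[1:]:
        if attr:
            key, has_value, value = attr.partition("=")
            attrs[key.strip().lower()] = value.strip() if has_value else None
    return name, attrs


def audit_cookie(header: str) -> CookieAudit:
    """Judge whether the cookie would be attached to a cross-site request forged by another origin."""
    name, attrs = parse_set_cookie(header)
    raw = attrs.get("samesite")
    samesite = raw.lower() if raw else None
    secure = "secure" in attrs
    if samesite is None:
        return CookieAudit(name, None, secure, "weak",
                           "SameSite missing: browsers that do not default to Lax send it cross-site")
    if samesite == "none":
        if not secure:
            return CookieAudit(name, "None", secure, "weak",
                               "SameSite=None without Secure is rejected by modern browsers")
        return CookieAudit(name, "None", secure, "weak",
                           "SameSite=None: cookie rides along on cross-site POSTs; CSRF tokens required")
    if samesite in ("lax", "strict"):
        return CookieAudit(name, samesite.capitalize(), secure, "ok",
                           f"SameSite={samesite.capitalize()} withholds the cookie from cross-site subrequests")
    return CookieAudit(name, raw, secure, "weak", f"unrecognised SameSite value {raw!r}: treated as absent")


# Constructed samples: the first models the unpatched posture, the second a hardened session cookie.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly; Secure",
    "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "tracker=1; Path=/; SameSite=None",
]


def weak_cookies(headers: list[str]) -> list[str]:
    """Names of cookies whose SameSite posture leaves CSRF to other controls."""
    return [a.name for a in map(audit_cookie, headers) if a.verdict == "weak"]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        a = audit_cookie(h)
        print(f"{a.name:11} SameSite={a.samesite!s:7} Secure={a.secure!s:5} {a.verdict}: {a.reason}")
```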
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
HCL Software · HCL BigFix Compliance