CVE-2024-30112

moderate-risk
Published 2024-06-25

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (8)

Affected Vendors

Hcltech

References (2)

Vendor Advisory https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114148
Vendor Advisory https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114148
38
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 3/34 · Minimal
Exposure 14/34 · Moderate