How severe is CVE-2024-30155?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-30155?

This is classified as CWE-1275, which is a common weakness in software security.

CVE-2024-30155

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-1275

View all →

Vulnerability Description

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

CVE-2024-42212

MEDIUM

CVSS:5.4(Medium)

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into mak...

CWE-12752024

CVE-2022-38386

MEDIUM

CVSS:5.9(Medium)

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow a...

CWE-12752022

CVE-2025-24387

MEDIUM

CVSS:6.5(Medium)

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious w...

CWE-12752025

CVE-2024-43173

LOW

CVSS:3.7(Low)

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

CWE-12752024

CVE-2024-6611

CRITICAL

CVSS:9.8(Critical)

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CWE-12752024