CVE-2024-30135 - OpenCVE

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

References

No reference.

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2024-06-28T07:22:28.386Z

Updated: 2024-06-28T14:27:53.899Z

Reserved: 2024-03-22T23:57:23.590Z

Link: CVE-2024-30135

JSON object: View

NVD Information

No data.

Redhat Information

No data.

CWE

CWE-200

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30135", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-03-22T23:57:23.590Z", "datePublished": "2024-06-28T07:22:28.386Z", "dateUpdated": "2024-06-28T14:27:53.899Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DRYiCE AEX", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "10"}]}], "datePublic": "2024-06-27T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.</span><br>"}], "value": "HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-06-28T07:22:28.386Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193"}], "source": {"discovery": "UNKNOWN"}, "title": "Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T14:27:41.791979Z", "id": "CVE-2024-30135", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:27:53.899Z"}}]}}