Sensitive Cookie with Improper SameSite Attribute

CVE-2024-30155

Medium

5.5/10

Summary

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1275 - Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

References

Advisory Timeline

Published Mar 26, 2025

Sensitive Cookie with Improper SameSite Attribute

CVE-2024-30155

Summary

CWE-1275 - Sensitive Cookie with Improper SameSite Attribute

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS