CVE-2024-30155 Information

Description

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

Reference

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120110