Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2024-42212 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-42212

CVE-2024-42212

MEDIUM5.4

HCL BigFix Compliance is affected by an improper or missing SameSite attribute

Published May 5, 2025

Modified 11 months ago

Details

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120961

https://www.cve.org/CVERecord?id=CVE-2024-42212

CVSS Analysis

CVSS v3.1

5.4

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

5.4/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedMay 5, 2025

ModifiedMay 5, 2025