Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for dryice_aex by hcltech

    CVE-2024-30135 (GCVE-0-2024-30135)

    Vulnerability from nvd – Published: 2024-06-28 07:22 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:27:41.791979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:27:53.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T07:22:28.386Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30135",
        "datePublished": "2024-06-28T07:22:28.386Z",
        "dateReserved": "2024-03-22T23:57:23.590Z",
        "dateUpdated": "2024-08-02T01:25:02.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30111 (GCVE-0-2024-30111)

    Vulnerability from nvd – Published: 2024-06-28 06:39 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Missing Root Detection vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1326 - Missing Immutable Root of Trust in Hardware
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30111",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T19:34:01.190491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:26:34.504Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The  mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities. \n\n\n\n"
                }
              ],
              "value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The  mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1326",
                  "description": "CWE-1326:  Missing Immutable Root of Trust in Hardware",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T06:39:36.149Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Root Detection vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30111",
        "datePublished": "2024-06-28T06:39:36.149Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:03.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30110 (GCVE-0-2024-30110)

    Vulnerability from nvd – Published: 2024-06-28 06:25 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Lack of input validation vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:30:02.488359Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:30:14.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eHCL DRYiCE\nAEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which\ncan cause the system to behave in unexpected ways.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "HCL DRYiCE\nAEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which\ncan cause the system to behave in unexpected ways."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T06:25:51.349Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of input validation vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30110",
        "datePublished": "2024-06-28T06:25:51.349Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:03.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30109 (GCVE-0-2024-30109)

    Vulnerability from nvd – Published: 2024-06-28 05:40 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:31:41.226109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:31:52.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eHCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application.  An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application.  An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T05:40:32.805Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30109",
        "datePublished": "2024-06-28T05:40:32.805Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:02.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30135 (GCVE-0-2024-30135)

    Vulnerability from cvelistv5 – Published: 2024-06-28 07:22 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:27:41.791979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:27:53.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T07:22:28.386Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30135",
        "datePublished": "2024-06-28T07:22:28.386Z",
        "dateReserved": "2024-03-22T23:57:23.590Z",
        "dateUpdated": "2024-08-02T01:25:02.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30111 (GCVE-0-2024-30111)

    Vulnerability from cvelistv5 – Published: 2024-06-28 06:39 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Missing Root Detection vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1326 - Missing Immutable Root of Trust in Hardware
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30111",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T19:34:01.190491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:26:34.504Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The  mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities. \n\n\n\n"
                }
              ],
              "value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The  mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1326",
                  "description": "CWE-1326:  Missing Immutable Root of Trust in Hardware",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T06:39:36.149Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Root Detection vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30111",
        "datePublished": "2024-06-28T06:39:36.149Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:03.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30110 (GCVE-0-2024-30110)

    Vulnerability from cvelistv5 – Published: 2024-06-28 06:25 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Lack of input validation vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:30:02.488359Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:30:14.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:03.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eHCL DRYiCE\nAEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which\ncan cause the system to behave in unexpected ways.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "HCL DRYiCE\nAEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which\ncan cause the system to behave in unexpected ways."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T06:25:51.349Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of input validation vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30110",
        "datePublished": "2024-06-28T06:25:51.349Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:03.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30109 (GCVE-0-2024-30109)

    Vulnerability from cvelistv5 – Published: 2024-06-28 05:40 – Updated: 2024-08-02 01:25
    VLAI
    Title
    Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
    Summary
    HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    HCL
    Impacted products
    Date Public
    2024-06-27 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T14:31:41.226109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T14:31:52.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DRYiCE AEX",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "10"
                }
              ]
            }
          ],
          "datePublic": "2024-06-27T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eHCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application.  An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application.  An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T05:40:32.805Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2024-30109",
        "datePublished": "2024-06-28T05:40:32.805Z",
        "dateReserved": "2024-03-22T23:57:21.324Z",
        "dateUpdated": "2024-08-02T01:25:02.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }