HCL SX Cross-Site Request Forgery Vulnerability Due to Insecure Cookie Attributes

Vulnerability

A vulnerability exists in HCL SX because it fails to set the Secure attribute on authorization tokens and session cookies. This oversight could allow attackers to intercept cookie values through Cross-Site Request Forgery (CSRF) attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized access to session cookies or authorization tokens, potentially allowing for session hijacking or unauthorized actions on behalf of the user.
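One way to check a deployment for the missing attribute described above is to audit the Set-Cookie headers it returns. The following is an added example, not code from this advisory or from HCL; the cookie names, the name-matching heuristic and the sample headers are assumptions constructed for illustration. It also goes one step beyond the Secure attribute the advisory names by checking SameSite, the cookie attribute that governs whether a cookie is attached to cross-site requests.

```python
# Added example: audit Set-Cookie headers for session/authorization cookies.
# Cookie names and the name heuristic are assumptions, not taken from HCL SX.
SENSITIVE_HINTS = ("session", "sid", "auth", "token")  # assumed naming heuristic

# Constructed sample response headers (not captured from a real product).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "auth_token=eyJhbGciOi==; Path=/; secure; SameSite=Strict",
    "theme=dark; Path=/",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")  # value may itself contain '='
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value):
    """Return findings for one Set-Cookie value; empty list if out of scope or clean."""
    name, _, attrs = parse_set_cookie(header_value)
    if not any(hint in name.lower() for hint in SENSITIVE_HINTS):
        return []  # only session and authorization cookies are in scope
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: Secure not set, cookie is also sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite is not Lax or Strict")
    return findings


def audit_headers(header_values):
    """Audit every Set-Cookie value and return all findings in order."""
    return [f for value in header_values for f in audit_cookie(value)]


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```

Run it against the Set-Cookie values returned by the login and token-refresh responses; an empty result means every in-scope cookie carries both attributes.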

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.