CVE-2024-30109 - Vulnerability Details - OpenCVE

Description

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

Published: 2024-06-28

Score: 3.7 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HCL Software

DRYiCE AEX

unaffected

Version	Status	Constraints
`10`	affected	—

Configuration 1 [-]

cpe:2.3:a:hcltech:dryice_aex:10.0:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-28045	HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00353.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193

History

Thu, 30 Oct 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech dryice Aex
CPEs		cpe:2.3:a:hcltech:dryice_aex:10.0:::::::*
Vendors & Products		Hcltech Hcltech dryice Aex

Subscriptions

Hcltech Dryice Aex

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-06-28T05:40:32.805Z

Updated: 2024-08-02T01:25:02.959Z

Reserved: 2024-03-22T23:57:21.324Z

Link: CVE-2024-30109

Vulnrichment

Updated: 2024-06-28T14:31:47.895Z

NVD

Status : Analyzed

Published: 2024-06-28T06:15:05.180

Modified: 2025-10-30T18:45:18.870

Link: CVE-2024-30109

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-1021

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30109", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-03-22T23:57:21.324Z", "datePublished": "2024-06-28T05:40:32.805Z", "dateUpdated": "2024-08-02T01:25:02.959Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DRYiCE AEX", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "10"}]}], "datePublic": "2024-06-27T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.</p><p></p>"}], "value": "HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-06-28T05:40:32.805Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193"}], "source": {"discovery": "UNKNOWN"}, "title": "Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T14:31:41.226109Z", "id": "CVE-2024-30109", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:31:52.742Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:02.959Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-28T14:31:41.226109Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:31:47.895Z"}}], "cna": {"title": "Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL."}]}], "affected": [{"vendor": "HCL Software", "product": "DRYiCE AEX", "versions": [{"status": "affected", "version": "10"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-27T19:00:00.000Z", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.", "supportingMedia": [{"type": "text/html", "value": "<p></p><p>HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.</p><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-06-28T05:40:32.805Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30109", "state": "PUBLISHED", "dateUpdated": "2024-06-28T14:31:52.742Z", "dateReserved": "2024-03-22T23:57:21.324Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-06-28T05:40:32.805Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_aex:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB374CFE-9DFA-4891-B97F-8FFC19EF25BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended."}, {"lang": "es", "value": "HCL DRYiCE AEX se ve afectado por la falta de protecci\u00f3n contra el clickjacking en la aplicaci\u00f3n web AEX. Un atacante puede utilizar m\u00faltiples capas transparentes u opacas para enga\u00f1ar a un usuario para que haga clic en un bot\u00f3n o enlace en una p\u00e1gina distinta a la prevista."}], "id": "CVE-2024-30109", "lastModified": "2025-10-30T18:45:18.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-28T06:15:05.180", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "psirt@hcl.com", "type": "Secondary"}]}