{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30128", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-03-22T23:57:23.589Z", "datePublished": "2024-09-25T14:42:53.930Z", "dateUpdated": "2024-09-25T15:34:19.530Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Nomad server on Domino", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "<1.0.13"}]}], "datePublic": "2024-09-25T14:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information."}], "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL."}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-09-25T14:42:53.930Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504"}], "source": {"discovery": "UNKNOWN"}, "title": "An open proxy vulnerability affects HCL Nomad server on Domino", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-441", "lang": "en", "description": "CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')"}]}], "affected": [{"vendor": "hcltech", "product": "nomad_server_on_domino", "cpes": ["cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.13", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T15:27:27.770959Z", "id": "CVE-2024-30128", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:34:19.530Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30128", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T15:27:27.770959Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"], "vendor": "hcltech", "product": "nomad_server_on_domino", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.13", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-441", "description": "CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:34:06.248Z"}}], "cna": {"title": "An open proxy vulnerability affects HCL Nomad server on Domino", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL."}]}], "affected": [{"vendor": "HCL Software", "product": "Nomad server on Domino", "versions": [{"status": "affected", "version": "<1.0.13"}], "defaultStatus": "unaffected"}], "datePublic": "2024-09-25T14:35:00.000Z", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.", "supportingMedia": [{"type": "text/html", "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-09-25T14:42:53.930Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30128", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:34:19.530Z", "dateReserved": "2024-03-22T23:57:23.589Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-09-25T14:42:53.930Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information."}, {"lang": "es", "value": "El servidor HCL Nomad en Domino se ve afectado por una vulnerabilidad de proxy abierto en la que un atacante no autenticado puede ocultar su direcci\u00f3n IP de origen original. Esto puede permitirle a un atacante enga\u00f1ar al usuario para que exponga informaci\u00f3n confidencial."}], "id": "CVE-2024-30128", "lastModified": "2024-09-26T13:32:02.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-09-25T15:15:13.717", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-441"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}