Lucene search

HCLVULNRICHMENT:CVE-2024-30111

HistoryJun 28, 2024 - 6:39 a.m.

CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10

2024-06-2806:39:36

CWE-1326

HCL

github.com

hcl dryice aex

missing root detection

mobile application

rooted device

unauthorized access

data breach

security compromise

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities.

CNA Affected

[
  {
    "vendor": "HCL Software",
    "product": "DRYiCE AEX",
    "versions": [
      {
        "status": "affected",
        "version": "10"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-30111